ID RHSA-2016:0071 Type redhat Reporter RedHat Modified 2018-06-06T20:24:18
Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2016-1930, CVE-2016-1935)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary
Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the
original reporters of these issues.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
{"id": "RHSA-2016:0071", "hash": "2f3e4980143deefc6ed422e090703c04", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2018-06-06T20:24:18", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2019-08-13T18:46:10", "history": [{"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2017-03-03T17:28:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2017-03-06T01:18:12", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}]}, "lastseen": "2017-03-06T01:18:12", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2017-07-21T12:54:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2017-07-23T08:51:37", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "OS": "RedHat", "arch": "ppc64", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox-debuginfo", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox", "OSVersion": "7", "packageVersion": "38.6.0-1.el7_2", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox-debuginfo", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "firefox", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "firefox-debuginfo", "OSVersion": "6", "packageVersion": "38.6.0-1.el6_7", "operator": "lt"}, {"packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "firefox", "OSVersion": "5", "packageVersion": "38.6.0-1.el5_11", "operator": "lt"}]}, "lastseen": "2017-07-23T08:51:37", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2017-07-28T19:31:28", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2017-08-02T22:58:03", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-02T22:58:03", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2017-08-25T03:34:40", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2017-08-25T10:13:53", "history": [], "viewCount": 3, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-25T10:13:53", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2017-08-28T07:29:29", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2017-08-31T03:32:28", "history": [], "viewCount": 3, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-31T03:32:28", "differentElements": ["affectedPackage", "modified"], "edition": 5}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2017-09-08T12:14:01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2017-09-09T07:20:12", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 7.9, "modified": "2017-09-09T07:20:12", "vector": "AV:N/AC:M/Au:M/C:C/I:C/A:C/"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:12", "differentElements": ["modified"], "edition": 6}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2018-03-19T16:31:44", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2018-03-23T02:32:40", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 7.9, "modified": "2018-03-23T02:32:40", "vector": "AV:N/AC:M/Au:M/C:C/I:C/A:C/"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}]}, "lastseen": "2018-03-23T02:32:40", "differentElements": ["modified"], "edition": 7}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2018-04-12T03:32:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2018-04-15T14:24:25", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el5_11", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el6_7", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox", "packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}, {"packageVersion": "38.6.0-1.el7_2", "packageName": "firefox-debuginfo", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "7", "OS": "RedHat"}]}, "lastseen": "2018-04-15T14:24:25", "differentElements": ["modified"], "edition": 8}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "826db6cb91000e826969cc18e9012b07", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2018-06-06T20:24:18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2018-06-06T18:05:59", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "operator": "lt"}]}, "lastseen": "2018-06-06T18:05:59", "differentElements": ["affectedPackage"], "edition": 9}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "e1b1cf48db2f1ceab30c00847b72a0bd", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2018-06-06T20:24:18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2018-12-11T19:41:03", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1930", "CVE-2016-1935"]}, {"type": "nessus", "idList": ["OPENSUSE-2016-127.NASL", "CENTOS_RHSA-2016-0071.NASL", "OPENSUSE-2016-222.NASL", "SL_20160218_THUNDERBIRD_ON_SL5_X.NASL", "MOZILLA_FIREFOX_38_6_ESR.NASL", "MACOSX_FIREFOX_38_6_ESR.NASL", "REDHAT-RHSA-2016-0071.NASL", "ORACLELINUX_ELSA-2016-0071.NASL", "SL_20160127_FIREFOX_ON_SL5_X.NASL", "SUSE_SU-2016-0334-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0071", "ELSA-2016-0258"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882401", "OPENVAS:1361412562310882400", "OPENVAS:1361412562310131201", "OPENVAS:1361412562310807050", "OPENVAS:1361412562310871562", "OPENVAS:1361412562310122862", "OPENVAS:1361412562310882382", "OPENVAS:1361412562310807053", "OPENVAS:1361412562310851186", "OPENVAS:1361412562310871550"]}, {"type": "centos", "idList": ["CESA-2016:0258", "CESA-2016:0071"]}, {"type": "redhat", "idList": ["RHSA-2016:0258"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0310-1", "SUSE-SU-2016:0334-1", "SUSE-SU-2016:0338-1", "OPENSUSE-SU-2016:0306-1", "OPENSUSE-SU-2016:0309-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3457-1:35F23", "DEBIAN:DSA-3491-1:35440"]}, {"type": "ubuntu", "idList": ["USN-2904-1", "USN-2880-2", "USN-2880-1"]}, {"type": "archlinux", "idList": ["ASA-201602-16"]}, {"type": "mozilla", "idList": ["MFSA2016-03", "MFSA2016-01"]}, {"type": "freebsd", "idList": ["4F00DAC0-1E18-4481-95AF-7AAAD63FD303"]}, {"type": "kaspersky", "idList": ["KLA10748"]}, {"type": "gentoo", "idList": ["GLSA-201605-06"]}], "modified": "2018-12-11T19:41:03"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T19:41:03", "differentElements": ["cvss"], "edition": 10}, {"bulletin": {"id": "RHSA-2016:0071", "hash": "de8516ae73f9d6627797bf16eb52f71e", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:0071) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2016-01-27T05:00:00", "modified": "2018-06-06T20:24:18", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2016:0071", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1930", "CVE-2016-1935"], "lastseen": "2019-05-29T14:35:49", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2019-05-29T14:35:49"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1935", "CVE-2016-1930"]}, {"type": "nessus", "idList": ["MACOSX_FIREFOX_38_6_ESR.NASL", "OPENSUSE-2016-127.NASL", "MOZILLA_FIREFOX_38_6_ESR.NASL", "CENTOS_RHSA-2016-0071.NASL", "SL_20160127_FIREFOX_ON_SL5_X.NASL", "REDHAT-RHSA-2016-0071.NASL", "ORACLELINUX_ELSA-2016-0071.NASL", "OPENSUSE-2016-222.NASL", "SL_20160218_THUNDERBIRD_ON_SL5_X.NASL", "SUSE_SU-2016-0334-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882400", "OPENVAS:1361412562310851186", "OPENVAS:1361412562310807050", "OPENVAS:1361412562310871550", "OPENVAS:1361412562310882382", "OPENVAS:1361412562310882383", "OPENVAS:1361412562310122885", "OPENVAS:1361412562310882402", "OPENVAS:1361412562310871562", "OPENVAS:1361412562310122862"]}, {"type": "redhat", "idList": ["RHSA-2016:0258"]}, {"type": "centos", "idList": ["CESA-2016:0071", "CESA-2016:0258"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0310-1", "SUSE-SU-2016:0338-1", "SUSE-SU-2016:0334-1", "OPENSUSE-SU-2016:0309-1", "OPENSUSE-SU-2016:0306-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0258", "ELSA-2016-0071"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3457-1:35F23", "DEBIAN:DSA-3491-1:35440"]}, {"type": "ubuntu", "idList": ["USN-2904-1", "USN-2880-1", "USN-2880-2"]}, {"type": "archlinux", "idList": ["ASA-201602-16"]}, {"type": "mozilla", "idList": ["MFSA2016-03", "MFSA2016-01"]}, {"type": "freebsd", "idList": ["4F00DAC0-1E18-4481-95AF-7AAAD63FD303"]}, {"type": "kaspersky", "idList": ["KLA10748"]}, {"type": "gentoo", "idList": ["GLSA-201605-06"]}], "modified": "2019-05-29T14:35:49"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:35:49", "differentElements": ["affectedPackage"], "edition": 11}], "viewCount": 4, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2019-08-13T18:46:10", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1930", "CVE-2016-1935"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871550", "OPENVAS:1361412562310871562", "OPENVAS:1361412562310882383", "OPENVAS:1361412562310807053", "OPENVAS:1361412562310851186", "OPENVAS:1361412562310882400", "OPENVAS:1361412562310807050", "OPENVAS:1361412562310122885", "OPENVAS:1361412562310882402", "OPENVAS:1361412562310882382"]}, {"type": "centos", "idList": ["CESA-2016:0071", "CESA-2016:0258"]}, {"type": "nessus", "idList": ["SL_20160127_FIREFOX_ON_SL5_X.NASL", "REDHAT-RHSA-2016-0071.NASL", "SUSE_SU-2016-0338-1.NASL", "OPENSUSE-2016-222.NASL", "MOZILLA_FIREFOX_38_6_ESR.NASL", "CENTOS_RHSA-2016-0071.NASL", "OPENSUSE-2016-127.NASL", "ORACLELINUX_ELSA-2016-0071.NASL", "SL_20160218_THUNDERBIRD_ON_SL5_X.NASL", "MACOSX_FIREFOX_38_6_ESR.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0310-1", "OPENSUSE-SU-2016:0306-1", "OPENSUSE-SU-2016:0309-1", "SUSE-SU-2016:0334-1", "SUSE-SU-2016:0338-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0258", "ELSA-2016-0071"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3457-1:35F23", "DEBIAN:DSA-3491-1:35440"]}, {"type": "ubuntu", "idList": ["USN-2904-1", "USN-2880-1", "USN-2880-2"]}, {"type": "archlinux", "idList": ["ASA-201602-16"]}, {"type": "redhat", "idList": ["RHSA-2016:0258"]}, {"type": "mozilla", "idList": ["MFSA2016-01", "MFSA2016-03"]}, {"type": "freebsd", "idList": ["4F00DAC0-1E18-4481-95AF-7AAAD63FD303"]}, {"type": "kaspersky", "idList": ["KLA10748"]}, {"type": "gentoo", "idList": ["GLSA-201605-06"]}], "modified": "2019-08-13T18:46:10", "rev": 2}, "vulnersScore": 8.6}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-debuginfo-38.6.0-1.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "i686", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageName": "firefox", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-38.6.0-1.el7_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-debuginfo-38.6.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "firefox", "packageVersion": "38.6.0-1.el5_11", "packageFilename": "firefox-38.6.0-1.el5_11.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "firefox", "packageVersion": "38.6.0-1.el6_7", "packageFilename": "firefox-38.6.0-1.el6_7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "firefox-debuginfo", "packageVersion": "38.6.0-1.el7_2", "packageFilename": "firefox-debuginfo-38.6.0-1.el7_2.s390x.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-12-28T13:09:35", "bulletinFamily": "NVD", "description": "Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.", "modified": "2019-12-27T16:08:00", "id": "CVE-2016-1935", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1935", "published": "2016-01-31T18:59:00", "title": "CVE-2016-1935", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-28T13:09:35", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "modified": "2019-12-27T16:08:00", "id": "CVE-2016-1930", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1930", "published": "2016-01-31T18:59:00", "title": "CVE-2016-1930", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:05:35", "bulletinFamily": "unix", "description": "XULRunner was updated to 38.6.0 to fix two security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632)\n * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation\n (boo#963635)\n\n", "modified": "2016-02-02T02:14:21", "published": "2016-02-02T02:14:21", "id": "OPENSUSE-SU-2016:0310-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html", "type": "suse", "title": "Security update for xulrunner (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:07", "bulletinFamily": "unix", "description": "This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss\n fixes the following issues: (bsc#963520)\n\n Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to\n 3.20.2.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)\n - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation\n (bsc#963635)\n - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network\n Security Services (NSS) canproduce wrong results (bsc#963731)\n\n The following improvements were added:\n\n - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites\n - Tracking protection is now enabled by default\n - bsc#964332: Fixed leaking file descriptors inside FIPS selfcheck code\n\n", "modified": "2016-02-04T19:16:05", "published": "2016-02-04T19:16:05", "id": "SUSE-SU-2016:0338-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", "type": "suse", "title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:15", "bulletinFamily": "unix", "description": "This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss\n fixes the following issues: (bsc#963520)\n\n Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to\n 3.20.2.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)\n - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation\n (bsc#963635)\n - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network\n Security Services (NSS) canproduce wrong results (bsc#963731)\n\n The following improvements were added:\n\n - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites\n - Tracking protection is now enabled by default\n\n", "modified": "2016-02-04T19:11:54", "published": "2016-02-04T19:11:54", "id": "SUSE-SU-2016:0334-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00006.html", "type": "suse", "title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:16:05", "bulletinFamily": "unix", "description": "This update to MozillaFirefox fixes several security issues and bugs.\n\n Mozilla Firefox was updated to 44.0. Mozilla NSS was updated to 3.21\n Mozilla NSPR was updated to 4.11.\n\n The following vulnerabilities were fixed:\n\n * CVE-2016-1930/CVE-2016-1931: Miscellaneous memory safety hazards\n (boo#963633)\n * CVE-2016-1933: Out of Memory crash when parsing GIF format images\n (boo#963634)\n * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation\n (boo#963635)\n * CVE-2015-7208/CVE-2016-1939: Firefox allows for control characters to be\n set in cookie names (boo#963637)\n * CVE-2016-1937: Missing delay following user click events in protocol\n handler dialog (boo#963641)\n * CVE-2016-1938: Errors in mp_div and mp_exptmod cryptographic functions\n in NSS (boo#963731)\n * CVE-2016-1942/CVE-2016-1943: Addressbar spoofing attacks (boo#963643)\n * CVE-2016-1944/CVE-2016-1945/CVE-2016-1946: Unsafe memory manipulation\n found through code inspection (boo#963644)\n * CVE-2016-1947: Application Reputation service disabled in Firefox 43\n (boo#963645)\n\n The following change from Mozilla Firefox 43.0.4 is included:\n\n * Re-enable SHA-1 certificates to prevent outdated man-in-the-middle\n security devices from interfering with properly secured SSL/TLS\n connections\n\n", "modified": "2016-02-02T02:12:22", "published": "2016-02-02T02:12:22", "id": "OPENSUSE-SU-2016:0309-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", "type": "suse", "title": "Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:49", "bulletinFamily": "unix", "description": "This update fixes the following security related issues by updating\n packages to a more recent version:\n\n Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0\n * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety\n hazards\n * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) Out of Memory crash when\n parsing GIF format images\n * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL\n after out of memory allocation\n * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)\n Firefox allows for control characters to be set in cookie names\n * MFSA 2016-06/CVE-2016-1937 (bmo#724353) Missing delay following user\n click events in protocol handler dialog\n * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) Errors in mp_div and\n mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21)\n * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)\n Addressbar spoofing attacks\n * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 (bmo#1186621,\n bmo#1214782, bmo#1232096) Unsafe memory manipulation found through\n code inspection\n * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) Application Reputation\n service disabled in Firefox 43\n\n", "modified": "2016-02-02T02:11:37", "published": "2016-02-02T02:11:37", "id": "OPENSUSE-SU-2016:0306-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-02-19T00:00:00", "id": "OPENVAS:1361412562310871562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871562", "title": "RedHat Update for thunderbird RHSA-2016:0258-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2016:0258-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871562\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-19 06:17:58 +0100 (Fri, 19 Feb 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2016:0258-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.6.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux\nDesktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0258-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-February/msg00036.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.6.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~38.6.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-01-28T00:00:00", "id": "OPENVAS:1361412562310882383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882383", "title": "CentOS Update for firefox CESA-2016:0071 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:0071 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882383\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-28 06:32:49 +0100 (Thu, 28 Jan 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:0071 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\nbrowser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0071\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021634.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.6.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2016-02-19T00:00:00", "id": "OPENVAS:1361412562310882402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882402", "title": "CentOS Update for thunderbird CESA-2016:0258 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:0258 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882402\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-19 06:18:40 +0100 (Fri, 19 Feb 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:0258 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.6.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0258\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-February/021707.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.6.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:22", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2016-01-28T00:00:00", "id": "OPENVAS:1361412562310882382", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882382", "title": "CentOS Update for firefox CESA-2016:0071 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:0071 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882382\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-28 06:32:45 +0100 (Thu, 28 Jan 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:0071 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\nbrowser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0071\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021629.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.6.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-0258", "modified": "2019-03-14T00:00:00", "published": "2016-02-22T00:00:00", "id": "OPENVAS:1361412562310122885", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122885", "title": "Oracle Linux Local Check: ELSA-2016-0258", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0258.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122885\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-22 07:34:20 +0200 (Mon, 22 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0258\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0258 - thunderbird security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0258\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0258.html\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.6.0~1.0.1.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.6.0~1.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.6.0~1.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:35", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-01-29T00:00:00", "id": "OPENVAS:1361412562310807050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807050", "title": "Mozilla Firefox ESR Multiple Vulnerabilities - Jan16 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities - Jan16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807050\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-1935\", \"CVE-2016-1930\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-29 10:46:42 +0530 (Fri, 29 Jan 2016)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities - Jan16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - A buffer-overflow vulnerability.\n\n - A memory-corruption vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow for\n arbitrary code execution in the context of the logged on user or vulnerable\n application, crash the affected application.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 38.x\n before 38.6 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version\n 38.6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://msisac.cisecurity.org/advisories/2016/2016-018.cfm\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^38\")\n{\n if(version_is_less(version:ffVer, test_version:\"38.6\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"38.6\");\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-01-28T00:00:00", "id": "OPENVAS:1361412562310871550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871550", "title": "RedHat Update for firefox RHSA-2016:0071-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2016:0071-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871550\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-28 06:32:26 +0100 (Thu, 28 Jan 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2016:0071-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\nbrowser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\");\n script_tag(name:\"affected\", value:\"firefox on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0071-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00040.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.6.0~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~38.6.0~1.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.6.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~38.6.0~1.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~38.6.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~38.6.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-02-02T00:00:00", "id": "OPENVAS:1361412562310851186", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851186", "title": "openSUSE: Security Advisory for xulrunner (openSUSE-SU-2016:0310-1)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851186\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-02 17:17:04 +0100 (Tue, 02 Feb 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xulrunner (openSUSE-SU-2016:0310-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xulrunner'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"XULRunner was updated to 38.6.0 to fix two security issues.\n\n The following vulnerabilities were fixed:\n\n * CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632)\n\n * CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation\n (boo#963635)\");\n\n script_tag(name:\"affected\", value:\"xulrunner on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0310-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~38.6.0~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~38.6.0~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner-debugsource\", rpm:\"xulrunner-debugsource~38.6.0~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~38.6.0~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner-32bit\", rpm:\"xulrunner-32bit~38.6.0~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xulrunner-debuginfo-32bit\", rpm:\"xulrunner-debuginfo-32bit~38.6.0~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2016-02-19T00:00:00", "id": "OPENVAS:1361412562310882400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882400", "title": "CentOS Update for thunderbird CESA-2016:0258 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:0258 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882400\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-19 06:18:33 +0100 (Fri, 19 Feb 2016)\");\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:0258 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.6.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0258\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-February/021706.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~38.6.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:33", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-01-29T00:00:00", "id": "OPENVAS:1361412562310807053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807053", "title": "Mozilla Firefox ESR Multiple Vulnerabilities - Jan16 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Multiple Vulnerabilities - Jan16 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807053\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-1935\", \"CVE-2016-1930\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-29 11:03:21 +0530 (Fri, 29 Jan 2016)\");\n script_name(\"Mozilla Firefox ESR Multiple Vulnerabilities - Jan16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - A buffer-overflow vulnerability.\n\n - A memory-corruption vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow for\n arbitrary code execution in the context of the logged on user or vulnerable\n application, crash the affected application.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version 38.x\n before 38.6 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version\n 38.6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://msisac.cisecurity.org/advisories/2016/2016-018.cfm\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(ffVer =~ \"^38\")\n{\n if(version_is_less(version:ffVer, test_version:\"38.6\"))\n {\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"38.6\");\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-07-01T01:01:19", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Nils\nOhlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and\nAki Helin as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.6.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "modified": "2020-07-02T00:00:00", "id": "CENTOS_RHSA-2016-0071.NASL", "href": "https://www.tenable.com/plugins/nessus/88419", "published": "2016-01-28T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2016:0071)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0071 and \n# CentOS Errata and Security Advisory 2016:0071 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88419);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2020/02/18\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_xref(name:\"RHSA\", value:\"2016:0071\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2016:0071)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Nils\nOhlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and\nAki Helin as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.6.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-January/021629.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4d91b15\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-January/021631.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf83a8d1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-January/021634.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65928a2c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1930\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-38.6.0-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-38.6.0-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-38.6.0-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:47:23", "bulletinFamily": "scanner", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.", "modified": "2016-01-28T00:00:00", "id": "SL_20160127_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/88452", "published": "2016-01-28T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160127)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88452);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nAfter installing the update, Firefox must be restarted for the changes\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1601&L=scientific-linux-errata&F=&S=&P=12845\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4031c9a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-38.6.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-38.6.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-38.6.0-1.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-38.6.0-1.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-38.6.0-1.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-38.6.0-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T02:45:10", "bulletinFamily": "scanner", "description": "The version of Firefox ESR installed on the remote Mac OS X host is\nprior to 38.6. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple unspecified memory corruption issues exist that\n allow a remote attacker to execute arbitrary code.\n (CVE-2016-1930)\n\n - A buffer overflow condition exists in WebGL that is\n triggered when handling cache out-of-memory error\n conditions. A remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-1935)", "modified": "2020-07-02T00:00:00", "id": "MACOSX_FIREFOX_38_6_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/88458", "published": "2016-01-28T00:00:00", "title": "Firefox ESR < 38.6 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88458);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_xref(name:\"MFSA\", value:\"2016-01\");\n script_xref(name:\"MFSA\", value:\"2016-03\");\n\n script_name(english:\"Firefox ESR < 38.6 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Mac OS X host is\nprior to 38.6. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple unspecified memory corruption issues exist that\n allow a remote attacker to execute arbitrary code.\n (CVE-2016-1930)\n\n - A buffer overflow condition exists in WebGL that is\n triggered when handling cache out-of-memory error\n conditions. A remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-1935)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR version 38.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'38.6', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:40", "bulletinFamily": "scanner", "description": "XULRunner was updated to 38.6.0 to fix two security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1930: Miscellaneous memory safety hazards\n (boo#963632)\n\n - CVE-2016-1935: Buffer overflow in WebGL after out of\n memory allocation (boo#963635)", "modified": "2016-02-03T00:00:00", "id": "OPENSUSE-2016-127.NASL", "href": "https://www.tenable.com/plugins/nessus/88548", "published": "2016-02-03T00:00:00", "title": "openSUSE Security Update : xulrunner (openSUSE-2016-127)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-127.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88548);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n\n script_name(english:\"openSUSE Security Update : xulrunner (openSUSE-2016-127)\");\n script_summary(english:\"Check for the openSUSE-2016-127 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XULRunner was updated to 38.6.0 to fix two security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1930: Miscellaneous memory safety hazards\n (boo#963632)\n\n - CVE-2016-1935: Buffer overflow in WebGL after out of\n memory allocation (boo#963635)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963635\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xulrunner packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xulrunner-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"xulrunner-38.6.0-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"xulrunner-debuginfo-38.6.0-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"xulrunner-debugsource-38.6.0-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"xulrunner-devel-38.6.0-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"xulrunner-32bit-38.6.0-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"xulrunner-debuginfo-32bit-38.6.0-10.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xulrunner-32bit / xulrunner / xulrunner-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T03:00:43", "bulletinFamily": "scanner", "description": "The version of Firefox ESR installed on the remote Windows host is\nprior to 38.6. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple unspecified memory corruption issues exist that\n allow a remote attacker to execute arbitrary code.\n (CVE-2016-1930)\n\n - A buffer overflow condition exists in WebGL that is\n triggered when handling cache out-of-memory error\n conditions. A remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-1935)", "modified": "2020-07-02T00:00:00", "id": "MOZILLA_FIREFOX_38_6_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/88460", "published": "2016-01-28T00:00:00", "title": "Firefox ESR < 38.6 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88460);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_xref(name:\"MFSA\", value:\"2016-01\");\n script_xref(name:\"MFSA\", value:\"2016-03\");\n\n script_name(english:\"Firefox ESR < 38.6 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is\nprior to 38.6. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple unspecified memory corruption issues exist that\n allow a remote attacker to execute arbitrary code.\n (CVE-2016-1930)\n\n - A buffer overflow condition exists in WebGL that is\n triggered when handling cache out-of-memory error\n conditions. A remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-1935)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Firefox ESR version 38.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'38.6', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:09:29", "bulletinFamily": "scanner", "description": "Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Nils\nOhlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and\nAki Helin as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.6.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "modified": "2016-01-27T00:00:00", "id": "REDHAT-RHSA-2016-0071.NASL", "href": "https://www.tenable.com/plugins/nessus/88406", "published": "2016-01-27T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2016:0071)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0071. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88406);\n script_version(\"2.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_xref(name:\"RHSA\", value:\"2016:0071\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2016:0071)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Nils\nOhlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and\nAki Helin as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.6.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1930\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0071\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-38.6.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-38.6.0-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-38.6.0-1.el6_7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-38.6.0-1.el6_7\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-38.6.0-1.el7_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-38.6.0-1.el7_2\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T19:57:56", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2016:0071 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Nils\nOhlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and\nAki Helin as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.6.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.", "modified": "2016-01-28T00:00:00", "id": "ORACLELINUX_ELSA-2016-0071.NASL", "href": "https://www.tenable.com/plugins/nessus/88443", "published": "2016-01-28T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0071)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0071 and \n# Oracle Linux Security Advisory ELSA-2016-0071 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88443);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n script_xref(name:\"RHSA\", value:\"2016:0071\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0071)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:0071 :\n\nUpdated firefox packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the\nXUL Runtime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Bob Clary, Christian Holler, Nils\nOhlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and\nAki Helin as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which\ncontain Firefox version 38.6.0 ESR, which corrects these issues. After\ninstalling the update, Firefox must be restarted for the changes to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005722.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005723.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005724.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-38.6.0-1.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-38.6.0-1.0.1.el6_7\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-38.6.0-1.0.1.el7_2\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:54", "bulletinFamily": "scanner", "description": "This update Mozilla Thunderbird 38.6.0 fixes the following\nissues(boo#963520) :\n\n - CVE-2016-1930: Miscellaneous memory safety hazards\n (boo#963632)\n\n - CVE-2016-1935: Buffer overflow in WebGL after out of\n memory allocation (boo#963635)\n\nThe following upstream fixes are included :\n\n - Filters ran on a different folder than selected", "modified": "2016-02-18T00:00:00", "id": "OPENSUSE-2016-222.NASL", "href": "https://www.tenable.com/plugins/nessus/88827", "published": "2016-02-18T00:00:00", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2016-222)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-222.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88827);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2016-222)\");\n script_summary(english:\"Check for the openSUSE-2016-222 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update Mozilla Thunderbird 38.6.0 fixes the following\nissues(boo#963520) :\n\n - CVE-2016-1930: Miscellaneous memory safety hazards\n (boo#963632)\n\n - CVE-2016-1935: Buffer overflow in WebGL after out of\n memory allocation (boo#963635)\n\nThe following upstream fixes are included :\n\n - Filters ran on a different folder than selected\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963635\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaThunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-buildsymbols-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debuginfo-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debugsource-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-devel-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-common-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-other-38.6.0-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-38.6.0-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-buildsymbols-38.6.0-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debuginfo-38.6.0-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debugsource-38.6.0-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-devel-38.6.0-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-common-38.6.0-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-other-38.6.0-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:47:23", "bulletinFamily": "scanner", "description": "Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.", "modified": "2016-02-19T00:00:00", "id": "SL_20160218_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/88860", "published": "2016-02-19T00:00:00", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160218)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88860);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nAfter installing the update, Thunderbird must be restarted for the\nchanges to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1602&L=scientific-linux-errata&F=&S=&P=16159\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5b464e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-38.6.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-38.6.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-38.6.0-1.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-38.6.0-1.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-38.6.0-1.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-38.6.0-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T04:27:20", "bulletinFamily": "scanner", "description": "This update for MozillaFirefox, MozillaFirefox-branding-SLE,\nmozilla-nss fixes the following issues: (bsc#963520)\n\nMozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to\n3.20.2.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR\n 38.6 (bsc#963632)\n\n - CVE-2016-1935: Buffer overflow in WebGL after out of\n memory allocation (bsc#963635)\n\n - CVE-2016-1938: Calculations with mp_div and mp_exptmod\n in Network Security Services (NSS) canproduce wrong\n results (bsc#963731)\n\nThe following improvements were added :\n\n - bsc#954447: Mozilla NSS now supports a number of new DHE\n ciphersuites\n\n - Tracking protection is now enabled by default\n\n - bsc#964332: Fixed leaking file descriptors inside FIPS\n selfcheck code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-07-02T00:00:00", "id": "SUSE_SU-2016-0338-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88620", "published": "2016-02-08T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (SUSE-SU-2016:0338-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0338-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88620);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-1930\", \"CVE-2016-1935\", \"CVE-2016-1938\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (SUSE-SU-2016:0338-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, MozillaFirefox-branding-SLE,\nmozilla-nss fixes the following issues: (bsc#963520)\n\nMozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to\n3.20.2.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR\n 38.6 (bsc#963632)\n\n - CVE-2016-1935: Buffer overflow in WebGL after out of\n memory allocation (bsc#963635)\n\n - CVE-2016-1938: Calculations with mp_div and mp_exptmod\n in Network Security Services (NSS) canproduce wrong\n results (bsc#963731)\n\nThe following improvements were added :\n\n - bsc#954447: Mozilla NSS now supports a number of new DHE\n ciphersuites\n\n - Tracking protection is now enabled by default\n\n - bsc#964332: Fixed leaking file descriptors inside FIPS\n selfcheck code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1938/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160338-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac3242a3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-199=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-199=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-199=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-199=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-199=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-199=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-branding-SLE-31.0-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-hmac-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-hmac-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debugsource-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-tools-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-tools-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libfreebl3-hmac-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsoftokn3-hmac-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-branding-SLE-31.0-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-hmac-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-hmac-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debugsource-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-tools-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-tools-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libfreebl3-hmac-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsoftokn3-hmac-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLE-31.0-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-SLE-31.0-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-38.6.0esr-57.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreebl3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsoftokn3-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-debugsource-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.20.2-37.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"mozilla-nss-tools-debuginfo-3.20.2-37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-SLE / mozilla-nss\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:52", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0071\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 38.6.0 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033667.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033669.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033672.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0071.html", "modified": "2016-01-27T13:57:23", "published": "2016-01-27T13:24:01", "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/033667.html", "id": "CESA-2016:0071", "title": "firefox security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0258\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.6.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-February/033744.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-February/033745.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-February/033746.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0258.html", "modified": "2016-02-19T04:09:41", "published": "2016-02-18T17:19:24", "id": "CESA-2016:0258", "href": "http://lists.centos.org/pipermail/centos-announce/2016-February/033744.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "unix", "description": "[38.6.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[38.6.0-1]\n- Update to 38.6.0 ESR", "modified": "2016-01-27T00:00:00", "published": "2016-01-27T00:00:00", "id": "ELSA-2016-0071", "href": "http://linux.oracle.com/errata/ELSA-2016-0071.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "unix", "description": "[38.6.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[38.6.0-1]\n- Update to 38.6.0", "modified": "2016-02-18T00:00:00", "published": "2016-02-18T00:00:00", "id": "ELSA-2016-0258", "href": "http://linux.oracle.com/errata/ELSA-2016-0258.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:27", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3457-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2015-7575 CVE-2016-1930 CVE-2016-1935\n\nMultiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and a\nbuffer overflow may lead to the execution of arbitrary code. In addition\nthe bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.6.0esr-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.6.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0-1.\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-01-27T21:00:26", "published": "2016-01-27T21:00:26", "id": "DEBIAN:DSA-3457-1:35F23", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00027.html", "title": "[SECURITY] [DSA 3457-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:07", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3491-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 24, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 38.6.0-1~deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 38.6.0-1~deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 38.6.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 38.6.0-1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-02-24T22:03:41", "published": "2016-02-24T22:03:41", "id": "DEBIAN:DSA-3491-1:35440", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00061.html", "title": "[SECURITY] [DSA 3491-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:32:18", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-1930, CVE-2016-1935)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary\nKwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the\noriginal reporters of these issues.\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Thunderbird 38.6.0. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Thunderbird users should upgrade to this updated package, which\ncontains Thunderbird version 38.6.0, which corrects these issues. After\ninstalling the update, Thunderbird must be restarted for the changes to\ntake effect.\n", "modified": "2018-06-06T20:24:29", "published": "2016-02-18T05:00:00", "id": "RHSA-2016:0258", "href": "https://access.redhat.com/errata/RHSA-2016:0258", "type": "redhat", "title": "(RHSA-2016:0258) Important: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "description": "- CVE-2015-7575 (man-in-the-middle):\n\nSecurity researcher Karthikeyan Bhargavan reported an issue in Network\nSecurity Services (NSS) where MD5 signatures in the server signature\nwithin the TLS 1.2 ServerKeyExchange message are still accepted. This is\nan issue since NSS has officially disallowed the accepting MD5 as a hash\nalgorithm in signatures since 2011. This issues exposes NSS based\nclients such as Firefox to theoretical collision-based forgery attacks.\nThis issue was fixed in NSS version 3.20.2.\n\n- CVE-2016-1523 (remote code execution):\n\nSecurity researcher Holger Fuhrmannek reported that a malicious Graphite\n"smart font" could circumvent the validation of internal instruction\nparameters in the Graphite 2 library using special CNTXT_ITEM\ninstructions. This could result in arbitrary code execution.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or\nbrowser-like contexts.\n\n- CVE-2016-1930 (remote code execution):\n\nBob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,\nCarsten Book, and Randell Jesup reported memory safety problems and crashes.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a\nrisk in browser or browser-like contexts.\n\n- CVE-2016-1931 (remote code execution):\n\nBob Clary, Carsten Book, Christian Holler, Nicolas Pierron, Eric\nRescorla, Tyson Smith, Gabor Krizsanits, and Randell Jesup reported\nmemory safety problems and crashes.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a\nrisk in browser or browser-like contexts.\n\n- CVE-2016-1935 (remote code execution):\n\nSecurity researcher Aki Helin used the Address Sanitizer tool to find a\nbuffer overflow write when rendering some WebGL content. This leads to a\npotentially exploitable crash.\n\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or\nbrowser-like contexts.", "modified": "2016-02-21T00:00:00", "published": "2016-02-21T00:00:00", "id": "ASA-201602-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html", "title": "thunderbird: multiple issues", "type": "archlinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:59", "bulletinFamily": "unix", "description": "Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly \nallowed MD5 to be used for TLS 1.2 connections. If a remote attacker were \nable to perform a man-in-the-middle attack, this flaw could be exploited to \nview sensitive information. (CVE-2015-7575)\n\nYves Younan discovered that graphite2 incorrectly handled certain malformed \nfonts. If a user were tricked into opening a specially crafted website in a \nbrowsing context, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitary code with the \nprivileges of the user invoking Thunderbird. (CVE-2016-1523)\n\nBob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, \nCarsten Book, and Randell Jesup discovered multiple memory safety issues \nin Thunderbird. If a user were tricked in to opening a specially crafted \nwebsite in a browsing context, an attacker could potentially exploit these \nto cause a denial of service via application crash, or execute arbitrary \ncode with the privileges of the user invoking Thunderbird. (CVE-2016-1930)\n\nAki Helin discovered a buffer overflow when rendering WebGL content in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website in a browsing context, an attacker could potentially \nexploit this to cause a denial of service via application crash, or \nexecute arbitrary code with the privileges of the user invoking \nThunderbird. (CVE-2016-1935)", "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "USN-2904-1", "href": "https://ubuntu.com/security/notices/USN-2904-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:17", "bulletinFamily": "unix", "description": "Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, \nCarsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, \nand Gabor Krizsanits discovered multiple memory safety issues in Firefox. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit these to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1930, CVE-2016-1931)\n\nGustavo Grieco discovered an out-of-memory crash when loading GIF images \nin some circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could exploit this to cause a denial of \nservice. (CVE-2016-1933)\n\nAki Helin discovered a buffer overflow when rendering WebGL content in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1935)\n\nIt was discovered that a delay was missing when focusing the protocol \nhandler dialog. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct \nclickjacking attacks. (CVE-2016-1937)\n\nHanno B\u00f6ck discovered that calculations with mp_div and mp_exptmod in NSS \nproduce incorrect results in some circumstances, resulting in \ncryptographic weaknesses. (CVE-2016-1938)\n\nNicholas Hurley discovered that Firefox allows for control characters to \nbe set in cookie names. An attacker could potentially exploit this to \nconduct cookie injection attacks on some web servers. (CVE-2016-1939)\n\nIt was discovered that when certain invalid URLs are pasted in to the \naddressbar, the addressbar contents may be manipulated to show the \nlocation of arbitrary websites. An attacker could potentially exploit this \nto conduct URL spoofing attacks. (CVE-2016-1942)\n\nRonald Crane discovered three vulnerabilities through code inspection. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit these to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946)\n\nFran\u00e7ois Marier discovered that Application Reputation lookups didn't \nwork correctly, disabling warnings for potentially malicious downloads. An \nattacker could potentially exploit this by tricking a user in to \ndownloading a malicious file. Other parts of the Safe Browsing feature \nwere unaffected by this. (CVE-2016-1947)", "modified": "2016-01-27T00:00:00", "published": "2016-01-27T00:00:00", "id": "USN-2880-1", "href": "https://ubuntu.com/security/notices/USN-2880-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:43", "bulletinFamily": "unix", "description": "USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a \nregression which caused Firefox to crash on startup with some configurations. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, \nCarsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, \nand Gabor Krizsanits discovered multiple memory safety issues in Firefox. \nIf a user were tricked in to opening a specially crafted website, an \nattacker could potentially exploit these to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1930, CVE-2016-1931)\n\nGustavo Grieco discovered an out-of-memory crash when loading GIF images \nin some circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could exploit this to cause a denial of \nservice. (CVE-2016-1933)\n\nAki Helin discovered a buffer overflow when rendering WebGL content in \nsome circumstances. If a user were tricked in to opening a specially \ncrafted website, an attacker could potentially exploit this to cause a \ndenial of service via application crash, or execute arbitrary code with \nthe privileges of the user invoking Firefox. (CVE-2016-1935)\n\nIt was discovered that a delay was missing when focusing the protocol \nhandler dialog. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to conduct \nclickjacking attacks. (CVE-2016-1937)\n\nHanno B\u00f6ck discovered that calculations with mp_div and mp_exptmod in NSS \nproduce incorrect results in some circumstances, resulting in \ncryptographic weaknesses. (CVE-2016-1938)\n\nNicholas Hurley discovered that Firefox allows for control characters to \nbe set in cookie names. An attacker could potentially exploit this to \nconduct cookie injection attacks on some web servers. (CVE-2016-1939)\n\nIt was discovered that when certain invalid URLs are pasted in to the \naddressbar, the addressbar contents may be manipulated to show the \nlocation of arbitrary websites. An attacker could potentially exploit this \nto conduct URL spoofing attacks. (CVE-2016-1942)\n\nRonald Crane discovered three vulnerabilities through code inspection. If \na user were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit these to cause a denial of service via \napplication crash, or execute arbitrary code with the privileges of the \nuser invoking Firefox. (CVE-2016-1944, CVE-2016-1945, CVE-2016-1946)\n\nFran\u00e7ois Marier discovered that Application Reputation lookups didn't \nwork correctly, disabling warnings for potentially malicious downloads. An \nattacker could potentially exploit this by tricking a user in to \ndownloading a malicious file. Other parts of the Safe Browsing feature \nwere unaffected by this. (CVE-2016-1947)", "modified": "2016-02-08T00:00:00", "published": "2016-02-08T00:00:00", "id": "USN-2880-2", "href": "https://ubuntu.com/security/notices/USN-2880-2", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:52", "bulletinFamily": "software", "description": "Security researcher Aki Helin used the Address Sanitizer tool to find\na buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. \n\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.", "modified": "2016-01-26T00:00:00", "published": "2016-01-26T00:00:00", "id": "MFSA2016-03", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-03/", "type": "mozilla", "title": "Buffer overflow in WebGL after out of memory allocation", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:47", "bulletinFamily": "software", "description": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\n\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "modified": "2016-01-26T00:00:00", "published": "2016-01-26T00:00:00", "id": "MFSA2016-01", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2016-01/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:50", "bulletinFamily": "unix", "description": "\nMozilla Foundation reports:\n\nMFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0\n\t / rv:38.6)\nMFSA 2016-02 Out of Memory crash when parsing GIF format\n\t images\nMFSA 2016-03 Buffer overflow in WebGL after out of memory\n\t allocation\nMFSA 2016-04 Firefox allows for control characters to be\n\t set in cookie names\nMFSA 2016-06 Missing delay following user click events in\n\t protocol handler dialog\nMFSA 2016-09 Addressbar spoofing attacks\nMFSA 2016-10 Unsafe memory manipulation found through\n\t code inspection\nMFSA 2016-11 Application Reputation service disabled in\n\t Firefox 43\n\n", "modified": "2016-03-08T00:00:00", "published": "2016-01-26T00:00:00", "id": "4F00DAC0-1E18-4481-95AF-7AAAD63FD303", "href": "https://vuxml.freebsd.org/freebsd/4f00dac0-1e18-4481-95af-7aaad63fd303.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:04", "bulletinFamily": "info", "description": "### *Detect date*:\n01/26/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface and execute arbitrary code.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 44 \nMozilla Firefox ESR versions earlier than 38.6\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/faq/>) \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla foundation security advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-1948](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948>)4.3Critical \n[CVE-2016-1947](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947>)4.3Critical \n[CVE-2016-1946](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946>)10.0Critical \n[CVE-2016-1945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945>)9.3Critical \n[CVE-2016-1944](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944>)10.0Critical \n[CVE-2016-1943](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943>)4.3Critical \n[CVE-2016-1942](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942>)4.3Critical \n[CVE-2016-1941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941>)4.3Critical \n[CVE-2016-1940](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940>)5.0Critical \n[CVE-2016-1939](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939>)5.0Critical \n[CVE-2016-1938](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938>)6.4Critical \n[CVE-2016-1937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937>)4.3Critical \n[CVE-2016-1935](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935>)9.3Critical \n[CVE-2016-1933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933>)4.3Critical \n[CVE-2016-1931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931>)10.0Critical \n[CVE-2016-1930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930>)10.0Critical", "modified": "2019-03-07T00:00:00", "published": "2016-01-26T00:00:00", "id": "KLA10748", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10748", "title": "\r KLA10748Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.22.2\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-38.7.0\"\n \n\nAll users of the Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-38.7.0\"\n \n\nAll Firefox 38.7.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-38.7.0\"\n \n\nAll users of the Firefox 38.7.x binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-38.7.0\"", "modified": "2016-05-31T00:00:00", "published": "2016-05-31T00:00:00", "id": "GLSA-201605-06", "href": "https://security.gentoo.org/glsa/201605-06", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
