Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_44D9DAEE940C417986BB6E3FFD617869.NASL
HistoryJul 16, 2015 - 12:00 a.m.

FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)

2015-07-1600:00:00
This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.974

Percentile

99.9%

JSON

The Mozilla Project reports :

MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)

MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs

MFSA 2015-61 Type confusion in Indexed Database Manager

MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio

MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error

MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly

MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest

MFSA 2015-66 Vulnerabilities found through code inspection

MFSA 2015-67 Key pinning is ignored when overridable errors are encountered

MFSA 2015-68 OS X crash reports may contain entered key press information

MFSA 2015-69 Privilege escalation through internal workers

MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites

MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2019 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84780);
  script_version("2.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2015-2721",
    "CVE-2015-2722",
    "CVE-2015-2724",
    "CVE-2015-2725",
    "CVE-2015-2726",
    "CVE-2015-2727",
    "CVE-2015-2728",
    "CVE-2015-2729",
    "CVE-2015-2730",
    "CVE-2015-2731",
    "CVE-2015-2733",
    "CVE-2015-2734",
    "CVE-2015-2735",
    "CVE-2015-2736",
    "CVE-2015-2737",
    "CVE-2015-2738",
    "CVE-2015-2739",
    "CVE-2015-2740",
    "CVE-2015-2741",
    "CVE-2015-2742",
    "CVE-2015-2743",
    "CVE-2015-4000"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)");

  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related
updates.");
  script_set_attribute(attribute:"description", value:
"The Mozilla Project reports :

MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 /
rv:38.1)

MFSA 2015-60 Local files or privileged URLs in pages can be opened
into new tabs

MFSA 2015-61 Type confusion in Indexed Database Manager

MFSA 2015-62 Out-of-bound read while computing an oscillator rendering
range in Web Audio

MFSA 2015-63 Use-after-free in Content Policy due to microtask
execution error

MFSA 2015-64 ECDSA signature validation fails to handle some
signatures correctly

MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest

MFSA 2015-66 Vulnerabilities found through code inspection

MFSA 2015-67 Key pinning is ignored when overridable errors are
encountered

MFSA 2015-68 OS X crash reports may contain entered key press
information

MFSA 2015-69 Privilege escalation through internal workers

MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE
cipher suites

MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/");
  # https://vuxml.freebsd.org/freebsd/44d9daee-940c-4179-86bb-6e3ffd617869.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89f2cf85");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox-esr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libxul");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FreeBSD Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"firefox<39.0,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-firefox<39.0,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"seamonkey<2.35")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.35")) flag++;
if (pkg_test(save_report:TRUE, pkg:"firefox-esr<31.8.0,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"firefox-esr>=38.0,1<38.1.0,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"libxul<31.8.0")) flag++;
if (pkg_test(save_report:TRUE, pkg:"libxul>=38.0<38.1.0")) flag++;
if (pkg_test(save_report:TRUE, pkg:"thunderbird<31.8.0")) flag++;
if (pkg_test(save_report:TRUE, pkg:"thunderbird>=38.0<38.1.0")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird<31.8.0")) flag++;
if (pkg_test(save_report:TRUE, pkg:"linux-thunderbird>=38.0<38.1.0")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References

Related

openvas 52
freebsd 1
nessus 39
veracode 16
suse 6
ubuntu 4
archlinux 2
securityvulns 1
mageia 2
kaspersky 1
oraclelinux 4
redhat 4
centos 4
debian 5
osv 3
mozilla 6
ibm 3
ubuntucve 9
prion 11
nvd 10
cvelist 9
cve 7
openvas
openvas
Ubuntu: Security Advisory (USN-2656-1)
2015-07-10 00:00:00
Oracle: Security Advisory (ELSA-2015-1207)
2015-10-06 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X
2015-07-08 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-07-02 00:00:00
nessus
nessus
Mozilla Firefox < 39.0 Multiple Vulnerabilities
2015-09-09 00:00:00
Firefox ESR < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)
2015-07-07 00:00:00
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1207)
2015-07-06 00:00:00
veracode
veracode
Buffer Overflow
2019-05-02 05:40:24
Out-of-bounds Read
2019-05-02 05:40:22
Buffer Overflow
2019-05-02 05:40:24
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-07-13 11:07:56
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 11:08:17
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 12:08:39
ubuntu
ubuntu
Firefox vulnerabilities
2015-07-15 00:00:00
Firefox vulnerabilities
2015-07-09 00:00:00
Thunderbird vulnerabilities
2015-07-20 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-07-03 00:00:00
thunderbird: multiple issues
2015-07-11 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-07-13 00:00:00
mageia
mageia
Updated firefox package fixes security vulnerability
2015-07-05 20:22:03
Updated thunderbird package fixes security vulnerabilities
2015-07-27 20:18:02
kaspersky
kaspersky
KLA10622 Multiple vulnerabilities in Mozilla products
2015-07-02 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-07-03 00:00:00
thunderbird security update
2015-07-20 00:00:00
nss security, bug fix, and enhancement update
2015-08-24 00:00:00
redhat
redhat
(RHSA-2015:1207) Critical: firefox security update
2015-07-02 00:00:00
(RHSA-2015:1455) Important: thunderbird security update
2015-07-20 00:00:00
(RHSA-2015:1664) Moderate: nss security, bug fix, and enhancement update
2015-08-24 00:00:00
centos
centos
firefox security update
2015-07-06 14:50:33
thunderbird security update
2015-07-20 18:55:36
nss security update
2015-08-24 18:12:13
debian
debian
[SECURITY] [DSA 3300-1] iceweasel security update
2015-07-03 22:06:18
[SECURITY] [DSA 3324-1] icedove security update
2015-08-01 17:09:46
[SECURITY] [DLA 315-1] nss security update
2015-09-27 11:36:03
osv
osv
iceweasel - security update
2015-07-04 00:00:00
nss - security update
2015-09-27 00:00:00
nss - security update
2015-08-17 00:00:00
mozilla
mozilla
Vulnerabilities found through code inspection — Mozilla
2015-07-02 00:00:00
Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) — Mozilla
2015-07-02 00:00:00
Use-after-free in workers while using XMLHttpRequest — Mozilla
2015-07-02 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
2018-06-18 00:09:54
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:09:55
Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2730)
2023-03-29 01:48:02
ubuntucve
ubuntucve
CVE-2015-2742
2015-07-06 00:00:00
CVE-2015-2741
2015-07-05 00:00:00
CVE-2015-2740
2015-07-05 00:00:00
prion
prion
Information disclosure
2015-07-06 02:01:00
Buffer overflow
2015-07-06 02:01:00
Design/Logic Flaw
2015-07-06 02:01:00
nvd
nvd
CVE-2015-2742
2015-07-06 02:01:10
CVE-2015-2733
2015-07-06 02:01:02
CVE-2015-2743
2015-07-06 02:01:11
cvelist
cvelist
CVE-2015-2742
2015-07-06 01:00:00
CVE-2015-2738
2015-07-06 01:00:00
CVE-2015-2733
2015-07-06 01:00:00
cve
cve
CVE-2015-2742
2015-07-06 02:01:10
CVE-2015-2736
2015-07-06 02:01:05
CVE-2015-2743
2015-07-06 02:01:11

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.974

Percentile

99.9%

JSON
Related for FREEBSD_PKG_44D9DAEE940C417986BB6E3FFD617869.NASL
openvas52freebsd1nessus39veracode16suse6ubuntu4archlinux2securityvulns1mageia2kaspersky1oraclelinux4redhat4centos4debian5osv3mozilla6ibm3ubuntucve9prion11nvd10cvelist9cve7