Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_FIREFOX_49_0.NASL
HistoryOct 05, 2018 - 12:00 a.m.

Mozilla Firefox < 49 Multiple Vulnerabilities

2018-10-0500:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.082

Percentile

94.4%

JSON

The version of Mozilla Firefox installed on the remote Windows host is prior to 49. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2016/09/20. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(117941);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/01");

  script_cve_id(
    "CVE-2016-2827",
    "CVE-2016-5256",
    "CVE-2016-5257",
    "CVE-2016-5270",
    "CVE-2016-5271",
    "CVE-2016-5272",
    "CVE-2016-5273",
    "CVE-2016-5274",
    "CVE-2016-5275",
    "CVE-2016-5276",
    "CVE-2016-5277",
    "CVE-2016-5278",
    "CVE-2016-5279",
    "CVE-2016-5280",
    "CVE-2016-5281",
    "CVE-2016-5282",
    "CVE-2016-5283",
    "CVE-2016-5284"
  );

  script_name(english:"Mozilla Firefox < 49 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox installed on the remote Windows host is
prior to 49. It is, therefore, affected by multiple vulnerabilities as
noted in Mozilla Firefox stable channel update release notes for
2016/09/20. Please refer to the release notes for additional
information. Note that Nessus has not attempted to exploit these
issues but has instead relied only on the application's self-reported
version number.");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1249522
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a71b5c71");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1268034
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?27887241");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1276413
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4caa1ed8");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1277213
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?32eb4c7a");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1280387
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ef629bf");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1282076
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8865b1d7");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1282746
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?160280d4");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1284690
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5dbbf44e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1287204
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?54ac5d09");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1287316
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d3bfda65");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1287721
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5d89bb27");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1288555
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f45fb2ce");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1288588
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?47a40c69");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1288780
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0baaaa08");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1288946
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1181d174");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1289085
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2269f975");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1289280
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b74c22ad");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1289970
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7882d62d");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1290244
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e281edf");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1291016
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?117622e5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1291665
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4b353376");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1293347
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6207b3c0");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1294095
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7e04baf7");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1294407
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?527385b7");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1294677
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?40b8f022");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1296078
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0d9488e8");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1296087
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c74b0ed3");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1297099
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e935ffb");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=129793
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5be7ccc");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1303127
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c34feae8");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=928187
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c773d903");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=932335
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e86e0c1");
  # https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b727e4e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 49 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5281");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");

  exit(0);
}

include("mozilla_version.inc");

port = get_kb_item("SMB/transport");
if (!port) port = 445;

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'49', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

archlinux 1
openvas 32
nessus 23
suse 5
mozilla 3
freebsd 1
ubuntu 2
mageia 3
kaspersky 2
ibm 2
oraclelinux 2
debian 4
centos 2
redhat 2
threatpost 1
ubuntucve 15
cvelist 16
prion 15
nvd 15
redhatcve 15
debiancve 16
cve 14
veracode 7
osv 1
archlinux
archlinux
[ASA-201609-22] firefox: multiple issues
2016-09-22 00:00:00
openvas
openvas
openSUSE: Security Advisory for MozillaFirefox, mozilla-nss (openSUSE-SU-2016:2368-1)
2016-09-25 00:00:00
Mozilla Firefox Security Advisory (MFSA2016-85) - Linux
2021-11-08 00:00:00
Mozilla Firefox Security Advisories (MFSA2016-85, MFSA2016-86) - Mac OS X
2016-09-23 00:00:00
nessus
nessus
Mozilla Firefox < 49 Multiple Vulnerabilities (macOS)
2018-10-05 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3076-1)
2016-09-23 00:00:00
FreeBSD : mozilla -- multiple vulnerabilities (2c57c47e-8bb3-4694-83c8-9fc3abad3964)
2016-09-21 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-09-24 20:10:13
Security update for MozillaFirefox, mozilla-nss (important)
2016-09-26 18:10:55
Security update for MozillaFirefox (important)
2016-10-12 20:08:55
mozilla
mozilla
Security vulnerabilities fixed in Firefox 49 — Mozilla
2016-09-20 00:00:00
Security vulnerabilities fixed in Thunderbird 45.4 — Mozilla
2016-10-03 00:00:00
Security vulnerabilities fixed in Firefox ESR 45.4 — Mozilla
2016-09-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-09-13 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2016-09-22 00:00:00
Thunderbird vulnerabilities
2016-10-27 00:00:00
mageia
mageia
Updated iceape packages fix security vulnerability
2017-02-20 16:24:57
Updated firefox/rootcerts/nss packages fix security vulnerability
2016-09-28 08:59:24
Updated thunderbird packages fix security vulnerability
2016-10-06 22:47:10
kaspersky
kaspersky
KLA10876 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-09-13 00:00:00
KLA10889 Multiple vulnerabilities in Mozilla Thunderbird
2016-10-20 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:28:27
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.
2018-06-18 00:28:02
oraclelinux
oraclelinux
firefox security update
2016-09-21 00:00:00
thunderbird security update
2016-10-03 00:00:00
debian
debian
[SECURITY] [DLA 636-1] firefox-esr security update
2016-09-27 12:05:24
[SECURITY] [DSA 3674-1] firefox-esr security update
2016-09-22 19:55:24
[SECURITY] [DLA 658-1] icedove security update
2016-10-16 17:20:00
centos
centos
firefox security update
2016-09-22 13:23:33
thunderbird security update
2016-10-03 20:12:34
redhat
redhat
(RHSA-2016:1912) Critical: firefox security update
2016-09-21 06:56:38
(RHSA-2016:1985) Important: thunderbird security update
2016-10-03 00:00:00
threatpost
threatpost
Mozilla Patches Certificate Pinning Vulnerability in Firefox
2016-09-21 08:58:18
ubuntucve
ubuntucve
CVE-2016-5282
2016-09-22 00:00:00
CVE-2016-5283
2016-09-22 00:00:00
CVE-2016-5284
2016-09-22 00:00:00
cvelist
cvelist
CVE-2016-5282
2016-09-22 22:00:00
CVE-2016-5281
2016-09-22 22:00:00
CVE-2016-5284
2016-09-22 22:00:00
prion
prion
Out-of-bounds
2016-09-22 22:59:00
Design/Logic Flaw
2016-09-22 22:59:00
Design/Logic Flaw
2016-09-22 22:59:00
nvd
nvd
CVE-2016-5271
2016-09-22 22:59:04
CVE-2016-5282
2016-09-22 22:59:16
CVE-2016-5284
2016-09-22 22:59:18
redhatcve
redhatcve
CVE-2016-5282
2016-09-20 18:49:00
CVE-2016-5283
2016-11-02 17:18:43
CVE-2016-5284
2016-09-20 18:18:32
debiancve
debiancve
CVE-2016-5282
2016-09-22 22:59:16
CVE-2016-5275
2016-09-22 22:59:08
CVE-2016-5271
2016-09-22 22:59:04
cve
cve
CVE-2016-5282
2016-09-22 22:59:16
CVE-2016-5271
2016-09-22 22:59:04
CVE-2016-5281
2016-09-22 22:59:15
veracode
veracode
Use-After-Free
2019-05-02 05:49:54
Man-in-the-Middle
2019-05-02 05:49:54
Use-After-Free
2019-05-02 05:49:54
osv
osv
icedove - security update
2016-10-16 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.082

Percentile

94.4%

JSON
Related for MOZILLA_FIREFOX_49_0.NASL
archlinux1openvas32nessus23suse5mozilla3freebsd1ubuntu2mageia3kaspersky2ibm2oraclelinux2debian4centos2redhat2threatpost1ubuntucve15cvelist16prion15nvd15redhatcve15debiancve16cve14veracode7osv1