CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.0%
The version of Mozilla Firefox installed on the remote Windows host is prior to 59. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(108377);
script_version("1.3");
script_cvs_date("Date: 2019/11/08");
script_cve_id(
"CVE-2018-5125",
"CVE-2018-5126",
"CVE-2018-5127",
"CVE-2018-5128",
"CVE-2018-5129",
"CVE-2018-5130",
"CVE-2018-5131",
"CVE-2018-5132",
"CVE-2018-5133",
"CVE-2018-5134",
"CVE-2018-5135",
"CVE-2018-5136",
"CVE-2018-5137",
"CVE-2018-5138",
"CVE-2018-5140",
"CVE-2018-5141",
"CVE-2018-5142",
"CVE-2018-5143"
);
script_xref(name:"MFSA", value:"2018-06");
script_name(english:"Mozilla Firefox < 59 Multiple Vulnerabilities");
script_summary(english:"Checks the version of Firefox.");
script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Mozilla Firefox installed on the remote Windows host
is prior to 59. It is, therefore, affected by multiple
vulnerabilities, some of which allow code execution and potentially
exploitable crashes.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox version 59 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5128");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("Mozilla/Firefox/Version");
exit(0);
}
include("mozilla_version.inc");
port = get_kb_item("SMB/transport");
if (!port) port = 445;
installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
mozilla_check_version(installs:installs, product:'firefox', fix:'59', severity:SECURITY_HOLE, xss:TRUE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5143
www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.0%