7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.604 Medium
EPSS
Percentile
97.8%
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities:
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5459)
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5447)
An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content.
This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5446)
An out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5448)
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5449)
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5442)
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5443)
A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5444)
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5441)
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5432)
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5460)
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5464)
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5469)
An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5465)
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5433)
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5434)
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5438)
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5439)
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5435)
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7758)
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
(CVE-2017-7757)
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory.
These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7778)
An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash. (CVE-2016-10197)
A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory. (CVE-2016-10195)
A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash.
(CVE-2016-10196)
A use-after-free vulnerability during video control operations when a element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7750)
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR).
This could result in a potentially exploitable crash.
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7756)
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7749)
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7752)
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7751)
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash.
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-5472)
An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7754)
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-5470)
An out of bounds read flaw related to graphite2::Silf::readGraphite has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-7774)
A heap-based buffer overflow flaw related to lz4::decompress (src/Decompressor) has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code.
(CVE-2017-7773)
A heap-based buffer overflow flaw related to lz4::decompress has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code. (CVE-2017-7772)
An out of bounds read flaw related to graphite2::Pass::readPass has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-7771)
The use of uninitialized memory related to graphite2::GlyphCache::Loader::read_glyph has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways.
(CVE-2017-7777)
An out of bounds read flaw related to graphite2::Silf::getClassGlyph has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-7776)
Characters from the Canadian Syllabics unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw punycode form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from Aspirational Use Scripts such as Canadian Syllabics to be mixed with Latin characters in the moderately restrictive IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as Limited Use Scripts… This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7764)
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5429)
A vulnerability while parsing application/http-index- format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5445)
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5440)
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. (CVE-2017-5436)
A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5428)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0103. The text
# itself is copyright (C) ZTE, Inc.
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(127332);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2016-10195",
"CVE-2016-10196",
"CVE-2016-10197",
"CVE-2017-5428",
"CVE-2017-5429",
"CVE-2017-5432",
"CVE-2017-5433",
"CVE-2017-5434",
"CVE-2017-5435",
"CVE-2017-5436",
"CVE-2017-5438",
"CVE-2017-5439",
"CVE-2017-5440",
"CVE-2017-5441",
"CVE-2017-5442",
"CVE-2017-5443",
"CVE-2017-5444",
"CVE-2017-5445",
"CVE-2017-5446",
"CVE-2017-5447",
"CVE-2017-5448",
"CVE-2017-5449",
"CVE-2017-5459",
"CVE-2017-5460",
"CVE-2017-5464",
"CVE-2017-5465",
"CVE-2017-5469",
"CVE-2017-5470",
"CVE-2017-5472",
"CVE-2017-7749",
"CVE-2017-7750",
"CVE-2017-7751",
"CVE-2017-7752",
"CVE-2017-7754",
"CVE-2017-7756",
"CVE-2017-7757",
"CVE-2017-7758",
"CVE-2017-7764",
"CVE-2017-7771",
"CVE-2017-7772",
"CVE-2017-7773",
"CVE-2017-7774",
"CVE-2017-7776",
"CVE-2017-7777",
"CVE-2017-7778"
);
script_name(english:"NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)");
script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple
vulnerabilities:
- A buffer overflow in WebGL triggerable by web content,
resulting in a potentially exploitable crash. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5459)
- An out-of-bounds read during the processing of glyph
widths during text layout. This results in a potentially
exploitable crash and could allow an attacker to read
otherwise inaccessible memory. This vulnerability
affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
ESR < 52.1, and Firefox < 53. (CVE-2017-5447)
- An out-of-bounds read when an HTTP/2 connection to a
servers sends DATA frames with incorrect data content.
This leads to a potentially exploitable crash. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5446)
- An out-of-bounds write in ClearKeyDecryptor while
decrypting some Clearkey-encrypted media content. The
ClearKeyDecryptor code runs within the Gecko Media
Plugin (GMP) sandbox. If a second mechanism is found to
escape the sandbox, this vulnerability allows for the
writing of arbitrary data within memory, resulting in a
potentially exploitable crash. This vulnerability
affects Firefox ESR < 45.9, Firefox ESR < 52.1, and
Firefox < 53. (CVE-2017-5448)
- A possibly exploitable crash triggered during layout and
manipulation of bidirectional unicode text in concert
with CSS animations. This vulnerability affects
Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox <
53. (CVE-2017-5449)
- A use-after-free vulnerability during changes in style
when manipulating DOM elements. This results in a
potentially exploitable crash. This vulnerability
affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
ESR < 52.1, and Firefox < 53. (CVE-2017-5442)
- An out-of-bounds write vulnerability while decoding
improperly formed BinHex format archives. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5443)
- A buffer overflow vulnerability while parsing
application/http-index-format format content when the
header contains improperly formatted data. This allows
for an out-of-bounds read of data from memory. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5444)
- A use-after-free vulnerability when holding a selection
during scroll events. This results in a potentially
exploitable crash. This vulnerability affects
Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53. (CVE-2017-5441)
- A use-after-free vulnerability occurs during certain
text input selection resulting in a potentially
exploitable crash. This vulnerability affects
Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53. (CVE-2017-5432)
- A use-after-free vulnerability in frame selection
triggered by a combination of malicious script content
and key presses by a user. This results in a potentially
exploitable crash. This vulnerability affects
Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53. (CVE-2017-5460)
- During DOM manipulations of the accessibility tree
through script, the DOM tree can become out of sync with
the accessibility tree, leading to memory corruption and
a potentially exploitable crash. This vulnerability
affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
ESR < 52.1, and Firefox < 53. (CVE-2017-5464)
- Fixed potential buffer overflows in generated Firefox
code due to CVE-2016-6354 issue in Flex. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5469)
- An out-of-bounds read while processing SVG content in
ConvolvePixel. This results in a crash and also allows
for otherwise inaccessible memory being copied into SVG
graphic content, which could then displayed. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5465)
- A use-after-free vulnerability in SMIL animation
functions occurs when pointers to animation elements in
an array are dropped from the animation controller while
still in use. This results in a potentially exploitable
crash. This vulnerability affects Thunderbird < 52.1,
Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox <
53. (CVE-2017-5433)
- A use-after-free vulnerability occurs when redirecting
focus handling which results in a potentially
exploitable crash. This vulnerability affects
Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53. (CVE-2017-5434)
- A use-after-free vulnerability during XSLT processing
due to the result handler being held by a freed handler
during handling. This results in a potentially
exploitable crash. This vulnerability affects
Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53. (CVE-2017-5438)
- A use-after-free vulnerability during XSLT processing
due to poor handling of template parameters. This
results in a potentially exploitable crash. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5439)
- A use-after-free vulnerability occurs during transaction
processing in the editor during design mode
interactions. This results in a potentially exploitable
crash. This vulnerability affects Thunderbird < 52.1,
Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox <
53. (CVE-2017-5435)
- An out-of-bounds read vulnerability with the Opus
encoder when the number of channels in an audio stream
changes while the encoder is in use. This vulnerability
affects Firefox < 54, Firefox ESR < 52.2, and
Thunderbird < 52.2. (CVE-2017-7758)
- A use-after-free vulnerability in IndexedDB when one of
its objects is destroyed in memory while a method on it
is still being executed. This results in a potentially
exploitable crash. This vulnerability affects Firefox <
54, Firefox ESR < 52.2, and Thunderbird < 52.2.
(CVE-2017-7757)
- A number of security vulnerabilities in the Graphite 2
library including out-of-bounds reads, buffer overflow
reads and writes, and the use of uninitialized memory.
These issues were addressed in Graphite 2 version
1.3.10. This vulnerability affects Firefox < 54, Firefox
ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7778)
- An out of bounds read vulnerability was found in
libevent in the search_make_new function. If an attacker
could cause an application using libevent to attempt
resolving an empty hostname, an out of bounds read could
occur possibly leading to a crash. (CVE-2016-10197)
- A vulnerability was found in libevent with the parsing
of DNS requests and replies. An attacker could send a
forged DNS response to an application using libevent
which could lead to reading data out of bounds on the
heap, potentially disclosing a small amount of
application memory. (CVE-2016-10195)
- A vulnerability was found in libevent with the parsing
of IPv6 addresses. If an attacker could cause an
application using libevent to parse a malformed address
in IPv6 notation of more than 2GiB in length, a stack
overflow would occur leading to a crash.
(CVE-2016-10196)
- A use-after-free vulnerability during video control
operations when a element holds a reference to
an older window if that window has been replaced in the
DOM. This results in a potentially exploitable crash.
This vulnerability affects Firefox < 54, Firefox ESR <
52.2, and Thunderbird < 52.2. (CVE-2017-7750)
- A use-after-free and use-after-scope vulnerability when
logging errors from headers for XML HTTP Requests (XHR).
This could result in a potentially exploitable crash.
This vulnerability affects Firefox < 54, Firefox ESR <
52.2, and Thunderbird < 52.2. (CVE-2017-7756)
- A use-after-free vulnerability when using an incorrect
URL during the reloading of a docshell. This results in
a potentially exploitable crash. This vulnerability
affects Firefox < 54, Firefox ESR < 52.2, and
Thunderbird < 52.2. (CVE-2017-7749)
- A use-after-free vulnerability during specific user
interactions with the input method editor (IME) in some
languages due to how events are handled. This results in
a potentially exploitable crash but would require
specific user interaction to trigger. This vulnerability
affects Firefox < 54, Firefox ESR < 52.2, and
Thunderbird < 52.2. (CVE-2017-7752)
- A use-after-free vulnerability with content viewer
listeners that results in a potentially exploitable
crash. This vulnerability affects Firefox < 54, Firefox
ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-7751)
- A use-after-free vulnerability with the frameloader
during tree reconstruction while regenerating CSS layout
when attempting to use a node in the tree that no longer
exists. This results in a potentially exploitable crash.
This vulnerability affects Firefox < 54, Firefox ESR <
52.2, and Thunderbird < 52.2. (CVE-2017-5472)
- An out-of-bounds read in WebGL with a maliciously
crafted ImageInfo object during WebGL operations. This
vulnerability affects Firefox < 54, Firefox ESR < 52.2,
and Thunderbird < 52.2. (CVE-2017-7754)
- Memory safety bugs were reported in Firefox 53 and
Firefox ESR 52.1. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort
that some of these could be exploited to run arbitrary
code. This vulnerability affects Firefox < 54, Firefox
ESR < 52.2, and Thunderbird < 52.2. (CVE-2017-5470)
- An out of bounds read flaw related to
graphite2::Silf::readGraphite has been reported in
graphite2. An attacker could possibly exploit this flaw
to disclose potentially sensitive memory or cause an
application crash. (CVE-2017-7774)
- A heap-based buffer overflow flaw related to
lz4::decompress (src/Decompressor) has been reported
in graphite2. An attacker could exploit this issue to
cause a crash or, possibly, execute arbitrary code.
(CVE-2017-7773)
- A heap-based buffer overflow flaw related to
lz4::decompress has been reported in graphite2. An
attacker could exploit this issue to cause a crash or,
possibly, execute arbitrary code. (CVE-2017-7772)
- An out of bounds read flaw related to
graphite2::Pass::readPass has been reported in
graphite2. An attacker could possibly exploit this flaw
to disclose potentially sensitive memory or cause an
application crash. (CVE-2017-7771)
- The use of uninitialized memory related to
graphite2::GlyphCache::Loader::read_glyph has been
reported in graphite2. An attacker could possibly
exploit this flaw to negatively impact the execution of
an application using graphite2 in unknown ways.
(CVE-2017-7777)
- An out of bounds read flaw related to
graphite2::Silf::getClassGlyph has been reported in
graphite2. An attacker could possibly exploit this flaw
to disclose potentially sensitive memory or cause an
application crash. (CVE-2017-7776)
- Characters from the Canadian Syllabics unicode block
can be mixed with characters from other unicode blocks
in the addressbar instead of being rendered as their raw
punycode form, allowing for domain name spoofing
attacks through character confusion. The current Unicode
standard allows characters from Aspirational Use
Scripts such as Canadian Syllabics to be mixed with
Latin characters in the moderately restrictive IDN
profile. We have changed Firefox behavior to match the
upcoming Unicode version 10.0 which removes this
category and treats them as Limited Use Scripts.. This
vulnerability affects Firefox < 54, Firefox ESR < 52.2,
and Thunderbird < 52.2. (CVE-2017-7764)
- Memory safety bugs were reported in Firefox 52, Firefox
ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of
these bugs showed evidence of memory corruption and we
presume that with enough effort that some of these could
be exploited to run arbitrary code. This vulnerability
affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
ESR < 52.1, and Firefox < 53. (CVE-2017-5429)
- A vulnerability while parsing application/http-index-
format format content where uninitialized values are
used to create an array. This could allow the reading of
uninitialized memory into the arrays affected. This
vulnerability affects Thunderbird < 52.1, Firefox ESR <
45.9, Firefox ESR < 52.1, and Firefox < 53.
(CVE-2017-5445)
- A use-after-free vulnerability during XSLT processing
due to a failure to propagate error conditions during
matching while evaluating context, leading to objects
being used when they no longer exist. This results in a
potentially exploitable crash. This vulnerability
affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
ESR < 52.1, and Firefox < 53. (CVE-2017-5440)
- An out-of-bounds write in the Graphite 2 library
triggered with a maliciously crafted Graphite font. This
results in a potentially exploitable crash. This issue
was fixed in the Graphite 2 library as well as Mozilla
products. This vulnerability affects Thunderbird < 52.1,
Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox <
53. (CVE-2017-5436)
- A flaw was found in the processing of malformed web
content. A web page containing malicious content could
cause Firefox to crash or, potentially, execute
arbitrary code with the privileges of the user running
Firefox. (CVE-2017-5428)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0103");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE
for more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7778");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/15");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
if (release !~ "CGSL MAIN 4.05")
audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');
if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
flag = 0;
pkgs = {
"CGSL MAIN 4.05": [
"firefox-52.2.0-1.el6.centos"
]
};
pkg_list = pkgs[release];
foreach (pkg in pkg_list)
if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778
security.gd-linux.com/notice/NS-SA-2019-0103
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.604 Medium
EPSS
Percentile
97.8%