CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
89.5%
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14359-1 advisory.
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12387)
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. (CVE-2020-12388, CVE-2020-12389)
The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12392)
The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12393)
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12395)
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-6831)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2020:14359-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(150555);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/26");
script_cve_id(
"CVE-2020-6831",
"CVE-2020-12387",
"CVE-2020-12388",
"CVE-2020-12389",
"CVE-2020-12392",
"CVE-2020-12393",
"CVE-2020-12395"
);
script_xref(name:"SuSE", value:"SUSE-SU-2020:14359-1");
script_xref(name:"IAVA", value:"2020-A-0190-S");
script_name(english:"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14359-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2020:14359-1 advisory.
- A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This
resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76,
and Thunderbird < 68.8.0. (CVE-2020-12387)
- The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox
escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects
Firefox ESR < 68.8 and Firefox < 76. (CVE-2020-12388, CVE-2020-12389)
- The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a
request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the
command into a terminal, it could have resulted in the disclosure of local files. This vulnerability
affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12392)
- The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request,
which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command
into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this
issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8,
Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12393)
- Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR
68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8,
Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12395)
- A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to
memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8,
Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-6831)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1162828");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171186");
# https://lists.suse.com/pipermail/sle-security-updates/2020-May/006809.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cd96c37");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12387");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12388");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12389");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12392");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12393");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12395");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-6831");
script_set_attribute(attribute:"solution", value:
"Update the affected MozillaFirefox, MozillaFirefox-translations-common and / or MozillaFirefox-translations-other
packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12395");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-12389");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/05");
script_set_attribute(attribute:"patch_publication_date", value:"2020/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
pkgs = [
{'reference':'MozillaFirefox-68.8.0-78.73', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'MozillaFirefox-translations-common-68.8.0-78.73', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'MozillaFirefox-translations-other-68.8.0-78.73', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
{'reference':'MozillaFirefox-68.8.0-78.73', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
{'reference':'MozillaFirefox-translations-common-68.8.0-78.73', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
{'reference':'MozillaFirefox-translations-other-68.8.0-78.73', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
exists_check = NULL;
rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release && exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
else if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-translations-common / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
www.nessus.org/u?0cd96c37
bugzilla.suse.com/1162828
bugzilla.suse.com/1171186
www.suse.com/security/cve/CVE-2020-12387
www.suse.com/security/cve/CVE-2020-12388
www.suse.com/security/cve/CVE-2020-12389
www.suse.com/security/cve/CVE-2020-12392
www.suse.com/security/cve/CVE-2020-12393
www.suse.com/security/cve/CVE-2020-12395
www.suse.com/security/cve/CVE-2020-6831
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
89.5%