CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
90.8%
This update for MozillaFirefox fixes the following issues :
Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
CVE-2020-26956: XSS through paste (manual and clipboard API)
CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
CVE-2020-26959: Use-after-free in WebRequestService
CVE-2020-26960: Potential use-after-free in uses of nsTArray
CVE-2020-15999: Heap buffer overflow in freetype
CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
CVE-2020-26965: Software keyboards may have remembered typed passwords
CVE-2020-26966: Single-word search queries were also broadcast to local network
CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:3383-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(143745);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id(
"CVE-2020-15999",
"CVE-2020-16012",
"CVE-2020-26951",
"CVE-2020-26953",
"CVE-2020-26956",
"CVE-2020-26958",
"CVE-2020-26959",
"CVE-2020-26960",
"CVE-2020-26961",
"CVE-2020-26965",
"CVE-2020-26966",
"CVE-2020-26968"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
script_xref(name:"CEA-ID", value:"CEA-2020-0124");
script_name(english:"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3383-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for MozillaFirefox fixes the following issues :
Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
- CVE-2020-26951: Parsing mismatches could confuse and
bypass security sanitizer for chrome privileged code
- CVE-2020-16012: Variable time processing of cross-origin
images during drawImage calls
- CVE-2020-26953: Fullscreen could be enabled without
displaying the security UI
- CVE-2020-26956: XSS through paste (manual and clipboard
API)
- CVE-2020-26958: Requests intercepted through
ServiceWorkers lacked MIME type restrictions
- CVE-2020-26959: Use-after-free in WebRequestService
- CVE-2020-26960: Potential use-after-free in uses of
nsTArray
- CVE-2020-15999: Heap buffer overflow in freetype
- CVE-2020-26961: DoH did not filter IPv4 mapped IP
Addresses
- CVE-2020-26965: Software keyboards may have remembered
typed passwords
- CVE-2020-26966: Single-word search queries were also
broadcast to local network
- CVE-2020-26968: Memory safety bugs fixed in Firefox 83
and Firefox ESR 78.5
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1178824");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-15999/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-16012/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26951/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26953/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26956/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26958/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26959/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26960/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26961/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26965/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26966/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26968/");
# https://www.suse.com/support/update/announcement/2020/suse-su-20203383-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3e3eae17");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 :
zypper in -t patch
SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3383=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26968");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/03");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-debuginfo-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-debugsource-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-devel-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-translations-common-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"MozillaFirefox-translations-other-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-debuginfo-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-debugsource-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-devel-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-translations-common-78.5.0-3.119.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"MozillaFirefox-translations-other-78.5.0-3.119.1")) flag++;
if (flag)
{
set_kb_item(name:'www/0/XSS', value:TRUE);
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26968
www.nessus.org/u?3e3eae17
bugzilla.suse.com/show_bug.cgi?id=1178824
www.suse.com/security/cve/CVE-2020-15999/
www.suse.com/security/cve/CVE-2020-16012/
www.suse.com/security/cve/CVE-2020-26951/
www.suse.com/security/cve/CVE-2020-26953/
www.suse.com/security/cve/CVE-2020-26956/
www.suse.com/security/cve/CVE-2020-26958/
www.suse.com/security/cve/CVE-2020-26959/
www.suse.com/security/cve/CVE-2020-26960/
www.suse.com/security/cve/CVE-2020-26961/
www.suse.com/security/cve/CVE-2020-26965/
www.suse.com/security/cve/CVE-2020-26966/
www.suse.com/security/cve/CVE-2020-26968/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
90.8%