CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
99.2%
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2458-1 advisory.
Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)
Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2014-8636)
Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential information. (CVE-2014-8637)
Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638)
Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially exploit this to conduct session-fixation attacks. (CVE-2014-8639)
Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2014-8640)
Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641)
Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with a revoked certificate. (CVE-2014-8642)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2458-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(80548);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/27");
script_cve_id(
"CVE-2014-8634",
"CVE-2014-8635",
"CVE-2014-8636",
"CVE-2014-8637",
"CVE-2014-8638",
"CVE-2014-8639",
"CVE-2014-8640",
"CVE-2014-8641",
"CVE-2014-8642"
);
script_bugtraq_id(
72041,
72042,
72044,
72045,
72046,
72047,
72048,
72049,
72050
);
script_xref(name:"USN", value:"2458-1");
script_name(english:"Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2458-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-2458-1 advisory.
Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence
Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)
Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some
circumstances. If a user were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass security restrictions. (CVE-2014-8636)
Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a
canvas element. If a user were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to steal confidential information. (CVE-2014-8637)
Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user
were tricked in to opening a specially crafted website, an attacker could potentially exploit this to
conduct cross-site request forgery (XSRF) attacks. (CVE-2014-8638)
Xiaofeng Zheng discovered that a web proxy returning a 407 response could inject cookies in to the
originally requested domain. If a user connected to a malicious web proxy, an attacker could potentially
exploit this to conduct session-fixation attacks. (CVE-2014-8639)
Holger Fuhrmannek discovered a crash in Web Audio while manipulating timelines. If a user were tricked in
to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2014-8640)
Mitchell Harper discovered a use-after-free in WebRTC. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-8641)
Brian Smith discovered that OCSP responses would fail to verify if signed by a delegated OCSP responder
certificate with the id-pkix-ocsp-nocheck extension, potentially allowing a user to connect to a site with
a revoked certificate. (CVE-2014-8642)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2458-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8641");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-8638");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Firefox Proxy Prototype Privileged Javascript Injection');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-testsuite");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'firefox', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-dev', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-globalmenu', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-af', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-an', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-as', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-az', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-be', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-br', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-da', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-de', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-el', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-en', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-es', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-et', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-he', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-id', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-is', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-it', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-km', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-or', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-si', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-te', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-th', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'},
{'osver': '14.04', 'pkgname': 'firefox-testsuite', 'pkgver': '35.0+build3-0ubuntu0.14.04.2'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
var extra = '';
extra += ubuntu_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-globalmenu / firefox-locale-af / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8642
ubuntu.com/security/notices/USN-2458-1