Lucene search
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2458-3.NASLHistoryJan 28, 2015 - 12:00 a.m.
Ubuntu 14.04 LTS : Firefox regression (USN-2458-3)
2015-01-2800:00:00
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
10
Confidence
High
EPSS
0.937
Percentile
99.2%
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-3 advisory.
USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse
Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)
Bobby Holley discovered that some DOM objects with certain properties
can bypass XrayWrappers in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to bypass security restrictions. (CVE-2014-8636)
Michal Zalewski discovered a use of uninitialized memory when rendering
malformed bitmap images on a canvas element. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to steal confidential information. (CVE-2014-8637)
Muneaki Nishimura discovered that requests from navigator.sendBeacon()
lack an origin header. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to conduct
cross-site request forgery (XSRF) attacks. (CVE-2014-8638)
Xiaofeng Zheng discovered that a web proxy returning a 407 response
could inject cookies in to the originally requested domain. If a user
connected to a malicious web proxy, an attacker could potentially exploit
this to conduct session-fixation attacks. (CVE-2014-8639)
Holger Fuhrmannek discovered a crash in Web Audio while manipulating
timelines. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2014-8640)
Mitchell Harper discovered a use-after-free in WebRTC. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-8641)
Brian Smith discovered that OCSP responses would fail to verify if signed
by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck
extension, potentially allowing a user to connect to a site with a revoked
certificate. (CVE-2014-8642)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2458-3. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(81041);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/27");
script_bugtraq_id(
72041,
72042,
72044,
72045,
72046,
72047,
72048,
72049,
72050
);
script_xref(name:"USN", value:"2458-3");
script_name(english:"Ubuntu 14.04 LTS : Firefox regression (USN-2458-3)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the
USN-2458-3 advisory.
USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites
that use CSP fail to load under some circumstances. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse
Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)
Bobby Holley discovered that some DOM objects with certain properties
can bypass XrayWrappers in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to bypass security restrictions. (CVE-2014-8636)
Michal Zalewski discovered a use of uninitialized memory when rendering
malformed bitmap images on a canvas element. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to steal confidential information. (CVE-2014-8637)
Muneaki Nishimura discovered that requests from navigator.sendBeacon()
lack an origin header. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to conduct
cross-site request forgery (XSRF) attacks. (CVE-2014-8638)
Xiaofeng Zheng discovered that a web proxy returning a 407 response
could inject cookies in to the originally requested domain. If a user
connected to a malicious web proxy, an attacker could potentially exploit
this to conduct session-fixation attacks. (CVE-2014-8639)
Holger Fuhrmannek discovered a crash in Web Audio while manipulating
timelines. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2014-8640)
Mitchell Harper discovered a use-after-free in WebRTC. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-8641)
Brian Smith discovered that OCSP responses would fail to verify if signed
by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck
extension, potentially allowing a user to connect to a site with a revoked
certificate. (CVE-2014-8642)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2458-3");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-globalmenu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-testsuite");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'firefox', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-dev', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-globalmenu', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-af', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-an', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ar', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-as', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ast', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-az', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-be', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bg', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bn', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-br', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-bs', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ca', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cs', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-csb', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-cy', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-da', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-de', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-el', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-en', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eo', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-es', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-et', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-eu', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fa', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fi', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fr', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-fy', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ga', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gd', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gl', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-gu', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-he', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hi', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hr', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hsb', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hu', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-hy', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-id', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-is', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-it', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ja', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ka', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kk', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-km', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-kn', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ko', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ku', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lg', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lt', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-lv', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mai', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mk', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ml', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mn', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-mr', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ms', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nb', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nl', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nn', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-nso', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-oc', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-or', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pa', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pl', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-pt', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ro', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ru', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-si', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sk', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sl', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sq', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sr', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sv', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-sw', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-ta', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-te', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-th', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-tr', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-uk', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-vi', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-xh', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hans', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zh-hant', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-locale-zu', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-mozsymbols', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'},
{'osver': '14.04', 'pkgname': 'firefox-testsuite', 'pkgver': '35.0.1+build1-0ubuntu0.14.04.1'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
var extra = '';
extra += ubuntu_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-dev / firefox-globalmenu / firefox-locale-af / etc');
}
References
Related
openvas
openvas
SeaMonkey Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X
2015-01-20 00:00:00
Ubuntu: Security Advisory (USN-2458-1)
2015-01-23 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X
2015-01-20 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Ubufox update (USN-2458-2)
2015-01-15 00:00:00
SeaMonkey < 2.32 Vulnerability
2015-01-14 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2458-1)
2015-01-15 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2015-01-14 00:00:00
Firefox regression
2015-01-27 00:00:00
Ubufox update
2015-01-14 00:00:00
mageia
mageia
Updated iceape package fixes security vulnerabilities
2015-01-19 19:47:36
Updated firefox and thunderbird packages fixes security vulnerabilities
2015-01-18 01:31:08
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
archlinux
archlinux
firefox: multiple issues
2015-01-14 00:00:00
thunderbird: multiple issues
2015-01-14 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2015-01-19 15:04:39
Security update for seamonkey (important)
2015-02-02 12:05:27
Security update for MozillaFirefox (important)
2015-01-19 14:04:43
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
debian
debian
[SECURITY] [DSA 3127-1] iceweasel security update
2015-01-14 19:02:00
[SECURITY] [DSA 3132-1] icedove security update
2015-01-19 16:58:23
redhat
redhat
(RHSA-2015:0046) Critical: firefox security and bug fix update
2015-01-13 00:00:00
(RHSA-2015:0047) Important: thunderbird security update
2015-01-13 00:00:00
centos
centos
firefox, xulrunner security update
2015-01-14 16:08:25
thunderbird security update
2015-01-14 15:52:57
osv
osv
iceweasel - security update
2015-01-14 00:00:00
icedove - security update
2015-01-19 00:00:00
oraclelinux
oraclelinux
firefox security and bug fix update
2015-01-14 00:00:00
thunderbird security update
2015-01-13 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) — Mozilla
2015-01-13 00:00:00
Uninitialized memory use during bitmap rendering — Mozilla
2015-01-13 00:00:00
ubuntucve
ubuntucve
prion
prion
Information disclosure
2015-01-14 11:59:00
Design/Logic Flaw
2015-01-14 11:59:00
Code injection
2015-01-14 11:59:00
cvelist
cvelist
nvd
nvd
cve
cve
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XrayWrapper Policy Bypass (CVE-2014-8636)
2015-04-19 00:00:00
Mozilla Firefox Proxy Prototype Remote Code Execution (CVE-2014-8636)
2015-03-26 00:00:00
exploitdb
exploitdb
packetstorm
packetstorm
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-24 00:00:00
zdt
zdt
Firefox Proxy Prototype Privileged Javascript Injection Exploit
2015-03-27 00:00:00
kaspersky
kaspersky
KLA10445 ACE vulnerability in Mozilla
2015-01-13 00:00:00
KLA10446 CI vulnerability in Mozilla products
2015-01-13 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:07:08
Denial Of Service (DoS)
2019-01-15 09:04:03
Cross-site Request Forgery (CSRF)
2019-05-02 05:07:07
metasploit
metasploit
Firefox Proxy Prototype Privileged Javascript Injection
2015-03-23 18:44:41
ibm
ibm
googleprojectzero
googleprojectzero
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
10
Confidence
High
EPSS
0.937
Percentile
99.2%
Related for UBUNTU_USN-2458-3.NASL