Lucene search

HistorySep 09, 2021 - 12:00 a.m.

Mozilla Firefox Security Advisories (MFSA2021-31, MFSA2021-42) - Windows

2021-09-0900:00:00

plugins.openvas.org

mozilla firefox

security update

windows

vulnerability

mixed-content-blocking

internet explorer

memory safety

arbitrary code

security bypass

version 92.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

This host is missing a security update
according to Mozilla.

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mozilla:firefox";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.818510");
  script_version("2024-02-15T05:05:40+0000");
  script_cve_id("CVE-2021-38494", "CVE-2021-38491", "CVE-2021-38492", "CVE-2021-38493");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-11-04 20:49:00 +0000 (Thu, 04 Nov 2021)");
  script_tag(name:"creation_date", value:"2021-09-09 00:46:50 +0530 (Thu, 09 Sep 2021)");
  script_name("Mozilla Firefox Security Advisories (MFSA2021-31, MFSA2021-42) - Windows");

  script_tag(name:"summary", value:"This host is missing a security update
  according to Mozilla.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to,

  - Mixed-Content-Blocking was unable to check opaque origins.

  - Navigating to 'mk:' URL scheme could load Internet Explorer.

  - Memory safety bugs.");

  script_tag(name:"impact", value:"Successful exploitation will allow
  attackers to run arbitrary code and bypass security restrictions.");

  script_tag(name:"affected", value:"Mozilla Firefox version before
  92 on Windows.");

  script_tag(name:"solution", value:"Upgrade to Mozilla Firefox version 92
  or later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("General");
  script_dependencies("gb_firefox_detect_win.nasl");
  script_mandatory_keys("Firefox/Win/Ver");
  exit(0);
}
include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);
vers = infos['version'];
path = infos['location'];

if(version_is_less(version:vers, test_version:"92"))
{
  report = report_fixed_ver(installed_version:vers, fixed_version:"92", install_path:path);
  security_message(data:report);
  exit(0);
}
exit(99);