Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114202009281HistoryApr 19, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2020:0928-1)
2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
5
suse
security advisory
mozillafirefox
update
cve-2020-6819
cve-2020-6820
use-after-free
suse enterprise storage
suse linux enterprise server
sap
software development kit
openstack cloud
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.034
Percentile
91.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2020.0928.1");
script_cve_id("CVE-2020-6819", "CVE-2020-6820");
script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
script_version("2024-08-08T05:05:41+0000");
script_tag(name:"last_modification", value:"2024-08-08 05:05:41 +0000 (Thu, 08 Aug 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-05-01 13:47:51 +0000 (Fri, 01 May 2020)");
script_name("SUSE: Security Advisory (SUSE-SU-2020:0928-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP1|SLES12\.0SP2|SLES12\.0SP3|SLES12\.0SP4|SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2020:0928-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2020/suse-su-20200928-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0928-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for MozillaFirefox fixes the following issues:
Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630)
* CVE-2020-6819 (bmo#1620818) Use-after-free while running the
nsDocShell destructor
* CVE-2020-6820 (bmo#1626728) Use-after-free when handling a
ReadableStream");
script_tag(name:"affected", value:"'MozillaFirefox' package(s) on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP1, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~68.6.1~109.113.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~68.6.1~109.113.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~68.6.1~109.113.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~68.6.1~109.113.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~68.6.1~109.113.1", rls:"SLES12.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~68.6.1~109.113.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~68.6.1~109.113.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~68.6.1~109.113.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~68.6.1~109.113.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~68.6.1~109.113.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~68.6.1~109.113.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~68.6.1~109.113.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~68.6.1~109.113.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~68.6.1~109.113.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~68.6.1~109.113.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~68.6.1~109.113.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~68.6.1~109.113.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~68.6.1~109.113.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~68.6.1~109.113.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debuginfo", rpm:"MozillaFirefox-debuginfo~68.6.1~109.113.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-debugsource", rpm:"MozillaFirefox-debugsource~68.6.1~109.113.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~68.6.1~109.113.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Mozilla Firefox ESR < 68.6.1
2020-04-06 00:00:00
RHEL 6 : firefox (RHSA-2020:1339)
2020-04-07 00:00:00
RHEL 7 : firefox (RHSA-2020:1338)
2020-04-07 00:00:00
centos
centos
firefox security update
2020-04-08 15:31:17
thunderbird security update
2020-04-28 00:21:12
thunderbird security update
2020-04-30 19:57:02
debian
debian
[SECURITY] [DSA 4653-1] firefox-esr security update
2020-04-04 15:20:25
[SECURITY] [DLA 2172-1] thunderbird security update
2020-04-14 10:27:34
[SECURITY] [DSA 4656-1] thunderbird security update
2020-04-13 19:42:57
openvas
openvas
Mozilla Firefox Security Advisories (MFSA2020-11, MFSA2020-11) - Windows
2020-04-07 00:00:00
Mozilla Firefox Security Advisory (MFSA2020-11) - Linux
2021-11-08 00:00:00
Mozilla Firefox ESR Security Advisories (MFSA2020-11, MFSA2020-11) - Windows
2020-04-07 00:00:00
suse
suse
Security update for MozillaFirefox (critical)
2020-04-06 00:00:00
Security update for MozillaThunderbird (important)
2020-04-15 00:00:00
Security update for MozillaThunderbird (important)
2020-04-23 00:00:00
threatpost
threatpost
Firefox Zero-Day Flaws Exploited in the Wild Get Patched
2020-04-04 13:28:43
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.6.1-alt1
2020-04-04 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.7.0-alt1
2020-04-08 00:00:00
redhat
redhat
(RHSA-2020:1338) Critical: firefox security update
2020-04-07 07:45:26
(RHSA-2020:1341) Critical: firefox security update
2020-04-07 07:43:50
(RHSA-2020:1340) Critical: firefox security update
2020-04-07 07:05:11
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2020-04-04 00:00:00
archlinux
archlinux
[ASA-202004-6] firefox: arbitrary code execution
2020-04-04 00:00:00
[ASA-202004-12] thunderbird: multiple issues
2020-04-13 00:00:00
osv
osv
firefox-esr - security update
2020-04-04 00:00:00
thunderbird - security update
2020-04-13 00:00:00
thunderbird - security update
2020-04-14 00:00:00
kaspersky
kaspersky
KLA11712 Multiple vulnerabilities in Mozilla Firefox ESR
2020-04-03 00:00:00
KLA11711 Multiple vulnerabilities in Mozilla Firefox
2020-04-03 00:00:00
KLA11730 Multiple vulnerabilities in Mozilla Thunderbird
2020-04-09 00:00:00
oraclelinux
oraclelinux
firefox security update
2020-04-09 00:00:00
firefox security update
2020-04-11 00:00:00
firefox security update
2020-07-07 00:00:00
redos
redos
slackware
slackware
[slackware-security] mozilla-firefox
2020-04-04 00:08:09
ubuntu
ubuntu
Firefox vulnerabilities
2020-04-04 00:00:00
Thunderbird vulnerabilities
2020-04-13 00:00:00
Thunderbird vulnerabilities
2020-04-21 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2020-04-05 20:07:15
Updated thunderbird packages fix security vulnerabilities
2020-04-15 13:12:14
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 74.0.1 and Firefox ESR 68.6.1 β Mozilla
2020-04-03 00:00:00
Security Vulnerabilities fixed in Thunderbird 68.7.0 β Mozilla
2020-04-09 00:00:00
redhatcve
redhatcve
CVE-2020-6819
2020-04-04 12:05:29
CVE-2020-6820
2020-04-04 12:05:29
prion
prion
Race condition
2020-04-24 16:15:00
Race condition
2020-04-24 16:15:00
ubuntucve
ubuntucve
CVE-2020-6819
2020-04-03 00:00:00
CVE-2020-6820
2020-04-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-08 00:44:27
Denial Of Service (DoS)
2020-04-08 00:44:28
cisa_kev
cisa_kev
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
2021-11-03 00:00:00
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
CVE-2020-6819
2020-04-24 15:56:56
CVE-2020-6820
2020-04-24 15:56:04
attackerkb
attackerkb
CVE-2020-6819
2020-04-24 00:00:00
CVE-2020-6820
2020-04-24 00:00:00
alpinelinux
alpinelinux
CVE-2020-6819
2020-04-24 16:15:13
CVE-2020-6820
2020-04-24 16:15:13
cve
cve
CVE-2020-6820
2020-04-24 16:15:13
CVE-2020-6819
2020-04-24 16:15:13
debiancve
debiancve
CVE-2020-6820
2020-04-24 16:15:13
CVE-2020-6819
2020-04-24 16:15:13
nvd
nvd
CVE-2020-6820
2020-04-24 16:15:13
CVE-2020-6819
2020-04-24 16:15:13
amazon
amazon
Critical: thunderbird
2020-05-19 18:32:00
securelist
securelist
IT threat evolution Q2 2020. PC statistics
2020-09-03 10:30:23
googleprojectzero
googleprojectzero
DΓ©jΓ vu-lnerability
2021-02-03 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.034
Percentile
91.4%
Related for OPENVAS:13614125623114202009281