10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.4 High
AI Score
Confidence
Low
0.122 Low
EPSS
Percentile
95.4%
This host is missing a security update for Mozilla Firefox.
# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
CPE = "cpe:/a:mozilla:firefox";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.2.1.2018.11");
script_cve_id("CVE-2018-5150", "CVE-2018-5151", "CVE-2018-5152", "CVE-2018-5153", "CVE-2018-5154", "CVE-2018-5155", "CVE-2018-5157", "CVE-2018-5158", "CVE-2018-5159", "CVE-2018-5160", "CVE-2018-5163", "CVE-2018-5164", "CVE-2018-5165", "CVE-2018-5166", "CVE-2018-5167", "CVE-2018-5168", "CVE-2018-5169", "CVE-2018-5172", "CVE-2018-5173", "CVE-2018-5174", "CVE-2018-5175", "CVE-2018-5176", "CVE-2018-5177", "CVE-2018-5179", "CVE-2018-5180", "CVE-2018-5181", "CVE-2018-5182");
script_tag(name:"creation_date", value:"2021-11-08 15:21:25 +0000 (Mon, 08 Nov 2021)");
script_version("2021-11-08T15:21:25+0000");
script_tag(name:"last_modification", value:"2021-11-08 15:21:25 +0000 (Mon, 08 Nov 2021)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-03-13 12:44:00 +0000 (Wed, 13 Mar 2019)");
script_name("Mozilla Firefox Security Advisory (MFSA2018-11) - Linux");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_firefox_detect_lin.nasl");
script_mandatory_keys("mozilla/firefox/linux/detected");
script_xref(name:"Advisory-ID", value:"MFSA2018-11");
script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1319157");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1415644");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1416045");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1424107");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1426353");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1427289");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1432358");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1432846");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1435908");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1436117");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1436482");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1436809");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1437325");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1438025");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1441941");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1442840");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1443092");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1444086");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1447080");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1447969");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1448774");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1449548");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1449898");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1451452");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1451908");
script_xref(name:"URL", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=1452075");
script_tag(name:"summary", value:"This host is missing a security update for Mozilla Firefox.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"CVE-2018-5154: Use-after-free with SVG animations and clip paths
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash.
CVE-2018-5155: Use-after-free with SVG animations and text paths
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash.
CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website.
CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content.
CVE-2018-5160: Uninitialized memory use by WebRTC encoder
WebRTC can use a WrappedI420Buffer pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash.
CVE-2018-5152: WebExtensions information leak through webRequest API
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the webRequest API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in.
CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response.
CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"Firefox version(s) below 60.");
script_tag(name:"solution", value:"The vendor has released an update. Please see the reference(s) for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"executable_version_unreliable");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!infos = get_app_version_and_location(cpe: CPE, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "60")) {
report = report_fixed_ver(installed_version: version, fixed_version: "60", install_path: location);
security_message(port: 0, data: report);
exit(0);
}
exit(99);
bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129
bugzilla.mozilla.org/buglist.cgi?bug_id=1445234%2C1449530%2C1437455%2C1447989%2C1438827%2C1436983%2C1435036%2C1440465%2C1439723%2C1448771%2C1453653%2C1454359%2C1432323%2C1454126%2C1436759%2C1439655%2C1448612%2C1449358%2C1367727%2C1452417
bugzilla.mozilla.org/show_bug.cgi?id=1319157
bugzilla.mozilla.org/show_bug.cgi?id=1415644
bugzilla.mozilla.org/show_bug.cgi?id=1416045
bugzilla.mozilla.org/show_bug.cgi?id=1424107
bugzilla.mozilla.org/show_bug.cgi?id=1426353
bugzilla.mozilla.org/show_bug.cgi?id=1427289
bugzilla.mozilla.org/show_bug.cgi?id=1432358
bugzilla.mozilla.org/show_bug.cgi?id=1432846
bugzilla.mozilla.org/show_bug.cgi?id=1435908
bugzilla.mozilla.org/show_bug.cgi?id=1436117
bugzilla.mozilla.org/show_bug.cgi?id=1436482
bugzilla.mozilla.org/show_bug.cgi?id=1436809
bugzilla.mozilla.org/show_bug.cgi?id=1437325
bugzilla.mozilla.org/show_bug.cgi?id=1438025
bugzilla.mozilla.org/show_bug.cgi?id=1441941
bugzilla.mozilla.org/show_bug.cgi?id=1442840
bugzilla.mozilla.org/show_bug.cgi?id=1443092
bugzilla.mozilla.org/show_bug.cgi?id=1444086
bugzilla.mozilla.org/show_bug.cgi?id=1447080
bugzilla.mozilla.org/show_bug.cgi?id=1447969
bugzilla.mozilla.org/show_bug.cgi?id=1448774
bugzilla.mozilla.org/show_bug.cgi?id=1449548
bugzilla.mozilla.org/show_bug.cgi?id=1449898
bugzilla.mozilla.org/show_bug.cgi?id=1451452
bugzilla.mozilla.org/show_bug.cgi?id=1451908
bugzilla.mozilla.org/show_bug.cgi?id=1452075
www.mozilla.org/en-US/security/advisories/mfsa2018-11/
MFSA2018-11
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7.4 High
AI Score
Confidence
Low
0.122 Low
EPSS
Percentile
95.4%