Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Firefox vulnerabilities
Informations
Name USN-3216-1 First vendor Publication 2017-03-07
Vendor Ubuntu Last vendor Modification 2017-03-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description: - firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
firefox 52.0+build2-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:
firefox 52.0+build2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
firefox 52.0+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 52.0+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3216-1
CVE-2016-5412, CVE-2017-5398, CVE-2017-5399, CVE-2017-5400,
CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404,
CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408,
CVE-2017-5410, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415,
CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419,
CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426,
CVE-2017-5427

Package Information:
https://launchpad.net/ubuntu/+source/firefox/52.0+build2-0ubuntu0.16.10.1
https://launchpad.net/ubuntu/+source/firefox/52.0+build2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/firefox/52.0+build2-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/52.0+build2-0ubuntu0.12.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-3216-1

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
21 % CWE-20 Improper Input Validation
12 % CWE-416 Use After Free
12 % CWE-200 Information Exposure
4 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)
4 % CWE-476 NULL Pointer Dereference
4 % CWE-399 Resource Management Errors
4 % CWE-388 Error Handling
4 % CWE-362 Race Condition
4 % CWE-125 Out-of-bounds Read

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 460
Application 97
Application 343
Application 36
Os 2
Os 2605
Os 3
Os 3
Os 3
Os 2
Os 3
Os 3

Snort® IPS/IDS

Date Description
2017-07-27 Mozilla Firefox domFuzzLite3 table use after free attempt
RuleID : 43347 - Revision : 2 - Type : BROWSER-FIREFOX
2017-07-27 Mozilla Firefox domFuzzLite3 table use after free attempt
RuleID : 43346 - Revision : 2 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2017-07-13 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2017-0498.nasl - Type : ACT_GATHER_INFO
2017-07-13 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2017-0461.nasl - Type : ACT_GATHER_INFO
2017-07-13 Name : The remote Virtuozzo host is missing a security update.
File : Virtuozzo_VZLSA-2017-0459.nasl - Type : ACT_GATHER_INFO
2017-05-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201705-07.nasl - Type : ACT_GATHER_INFO
2017-05-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201705-06.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-545.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1048.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1047.nasl - Type : ACT_GATHER_INFO
2017-04-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3832.nasl - Type : ACT_GATHER_INFO
2017-04-19 Name : The remote Debian host is missing a security update.
File : debian_DLA-896.nasl - Type : ACT_GATHER_INFO
2017-03-31 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3216-2.nasl - Type : ACT_GATHER_INFO
2017-03-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3233-1.nasl - Type : ACT_GATHER_INFO
2017-03-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0732-1.nasl - Type : ACT_GATHER_INFO
2017-03-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-0714-1.nasl - Type : ACT_GATHER_INFO
2017-03-16 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2017-0498.nasl - Type : ACT_GATHER_INFO
2017-03-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170314_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2017-03-15 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2017-0498.nasl - Type : ACT_GATHER_INFO
2017-03-15 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-345.nasl - Type : ACT_GATHER_INFO
2017-03-15 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-344.nasl - Type : ACT_GATHER_INFO
2017-03-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0498.nasl - Type : ACT_GATHER_INFO
2017-03-13 Name : The remote Debian host is missing a security update.
File : debian_DLA-852.nasl - Type : ACT_GATHER_INFO
2017-03-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3805.nasl - Type : ACT_GATHER_INFO
2017-03-10 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_45_8.nasl - Type : ACT_GATHER_INFO
2017-03-10 Name : The remote macOS or Mac OS X host contains a mail client that is affected by ...
File : macosx_thunderbird_45_8.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170308_firefox_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2017-0459.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2017-0461.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote macOS or Mac OS X host contains a web browser that is affected by ...
File : macosx_firefox_45_8_esr.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote macOS or Mac OS X host contains a web browser that is affected by ...
File : macosx_firefox_52.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_45_8_esr.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_52.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2017-0461.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0459.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0461.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170308_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2017-03-09 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2017-0459.nasl - Type : ACT_GATHER_INFO
2017-03-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3216-1.nasl - Type : ACT_GATHER_INFO
2017-03-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_96eca03113134daf9be29d6e1c4f1eb5.nasl - Type : ACT_GATHER_INFO
2016-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20161103_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-11-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-2574.nasl - Type : ACT_GATHER_INFO
2016-11-11 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-2574.nasl - Type : ACT_GATHER_INFO
2016-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-2574.nasl - Type : ACT_GATHER_INFO
2016-09-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3084-4.nasl - Type : ACT_GATHER_INFO
2016-09-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3084-3.nasl - Type : ACT_GATHER_INFO
2016-09-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3084-2.nasl - Type : ACT_GATHER_INFO
2016-09-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3084-1.nasl - Type : ACT_GATHER_INFO
2016-08-16 Name : The remote Fedora host is missing a security update.
File : fedora_2016-4b67f775fe.nasl - Type : ACT_GATHER_INFO
2016-08-16 Name : The remote Fedora host is missing a security update.
File : fedora_2016-90f142aa64.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2018-08-01 17:21:57
  • Multiple Updates
2018-07-13 01:11:35
  • Multiple Updates
2017-04-11 12:04:16
  • Multiple Updates
2017-04-01 13:25:06
  • Multiple Updates
2017-03-09 13:22:49
  • Multiple Updates
2017-03-08 05:22:49
  • First insertion