EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the firefox package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- Several flaws were found in the processing of malformed
  web content. A web page containing malicious content
  could cause Firefox to crash or, potentially, execute
  arbitrary code with the privileges of the user running
  Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,
  CVE-2016-1958, CVE-2016-1960, CVE-2016-1961,
  CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,
  CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)

- Multiple security flaws were found in the graphite2
  font library shipped with Firefox. A web page
  containing malicious content could cause Firefox to
  crash or, potentially, execute arbitrary code with the
  privileges of the user running Firefox. (CVE-2016-1977,
  CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
  CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
  CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,
  CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,
  CVE-2016-2802)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?7e328b89

Solution :

Update the affected firefox packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false