vuln-list-alt/oval/c10f1/ALT-PU-2016-2388/definitions.json
2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20162388",
"Version": "oval:org.altlinux.errata:def:20162388",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-2388: package `firefox` update to version 50.0.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-2388",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-2388",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05334",
"RefURL": "https://bdu.fstec.ru/vul/2021-05334",
"Source": "BDU"
},
{
"RefID": "CVE-2016-9078",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9078",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9079",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9079",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox to version 50.0.2-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05334: Уязвимость реализации языка разметки SVG браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2016-9078: Redirection from an HTTP connection to a \"data:\" URL assigns the referring site's origin to the \"data:\" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox \u003c 50.0.1.\n\n * CVE-2016-9079: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox \u003c 50.0.2, Firefox ESR \u003c 45.5.1, and Thunderbird \u003c 45.5.1.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-12-02"
},
"Updated": {
"Date": "2016-12-02"
},
"BDUs": [
{
"ID": "BDU:2021-05334",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-05334",
"Impact": "High",
"Public": "20161129"
}
],
"CVEs": [
{
"ID": "CVE-2016-9078",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9078",
"Impact": "High",
"Public": "20180611"
},
{
"ID": "CVE-2016-9079",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9079",
"Impact": "High",
"Public": "20180611"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20162388001",
"Comment": "firefox is earlier than 0:50.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20162388002",
"Comment": "rpm-build-firefox is earlier than 0:50.0.2-alt1"
}
]
}
]
}
}
]
}