Notification

Icon
Error

Mozilla Firefox Remote Execution Vulnerability (improved) - Mozilla Firefox Remote Execution Vulnerability CVE-2018-12386 and CVE-2018-12387

Posted: Tuesday, November 6, 2018 6:15:36 PM(UTC)
Sylvie

Sylvie

Member Original PosterPosts: 14
1
Like
Hello,

I need to follow the Mozilla Firefox CVE-2018-12386 and CVE-2018-12387 remote execution vulnerabilities.

Unfortunately, the report provided by Charles.X at Mozilla Firefox Remote Execution Vulnerability - Announcements - Lansweeper only mark as "green" the 2 Firefox versions '62.0.3' and '60.2.2'.

If we got newer versions, they are marked as "red" even if the vulnerabilities are fixed and if we have older versions, they are also marked as "red" even if they are not affected by this vulnerabilities.

So here is my "improved" report Angel


Code:

SELECT TOP 1000000
       tblAssets.AssetID
      ,tblAssets.AssetName
      ,tblAssets.Domain
      ,tsysAssetTypes.AssetTypename AS AssetType
      ,tblAssets.Username
      ,tblAssets.Userdomain
      ,tsysAssetTypes.AssetTypeIcon10 AS icon
      ,tblAssets.Lastseen
      ,tblAssets.Lasttried
      ,tblSoftwareUni.softwareName AS Software
      ,AllPlatformsSoftwares.softwareVersion AS Version
      ,'backgroundcolor' = 
       CASE WHEN tblSoftwareUni.softwareName like '%ESR%' THEN
            CASE
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) < CAST('/60.2.0/' AS HIERARCHYID) THEN '#ff8300'
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) >= CAST('/60.2.2/' AS HIERARCHYID) THEN '#d4f4be'
            ELSE '#ffadad'
            END
        ELSE
            CASE
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) < CAST('/62.0/' AS HIERARCHYID) THEN '#ff8300'
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) >= CAST('/62.0.3/' AS HIERARCHYID) THEN '#d4f4be'
            ELSE '#ffadad'
            END
      END
     ,'vulnerability' = 
       CASE WHEN tblSoftwareUni.softwareName like '%ESR%' THEN
            CASE
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) < CAST('/60.2.0/' AS HIERARCHYID) THEN 'older'
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) >= CAST('/60.2.2/' AS HIERARCHYID) THEN 'fixed'
            ELSE 'vulnerable'
            END
        ELSE
            CASE
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) < CAST('/62.0/' AS HIERARCHYID) THEN 'older'
            WHEN CAST('/' + AllPlatformsSoftwares.softwareVersion + '/' AS HIERARCHYID) >= CAST('/62.0.3/' AS HIERARCHYID) THEN 'fixed'
            ELSE 'vulnerable'
            END
      END
      ,tblSoftwareUni.SoftwarePublisher AS Publisher
      ,AllPlatformsSoftwares.Lastchanged
      ,tblAssets.IPAddress
      ,tsysIPLocations.IPLocation
      ,tblAssetCustom.Manufacturer
      ,tblAssetCustom.Model
      ,AllPlatformsOS.OSname AS OS
      ,tblAssets.SP
      FROM tblAssets
INNER JOIN tblAssetCustom ON tblAssets.AssetID = tblAssetCustom.AssetID
INNER JOIN tsysAssetTypes ON tsysAssetTypes.AssetType = tblAssets.Assettype
INNER JOIN tsysIPLocations ON tsysIPLocations.LocationID = tblAssets.LocationID
INNER JOIN tblState ON tblState.State = tblAssetCustom.State
INNER JOIN (  SELECT [AssetID]
                    ,[softID]
                    ,CASE WHEN CHARINDEX(' ',[softwareVersion])>0 THEN LEFT([softwareVersion],CHARINDEX(' ',[softwareVersion],0)-1) ELSE [softwareVersion] END AS softwareVersion
                    ,[Lastchanged]
                FROM [lansweeperdb].[dbo].[tblSoftware]
              UNION
              SELECT [AssetID]
                    ,[softid]
                    ,CASE WHEN CHARINDEX(' ',[Version])>0 THEN LEFT([Version],CHARINDEX(' ',[Version],0)-1) ELSE [Version] END
                    ,[LastChanged]
                FROM [lansweeperdb].[dbo].[tblMacApplications]
              UNION
              SELECT [AssetID]
                    ,[SoftwareUniID]
                    ,CASE WHEN CHARINDEX(' ',[Version])>0 THEN LEFT([Version],CHARINDEX(' ',[Version],0)-1) ELSE [Version] END
                    ,[LastChanged]
                FROM [lansweeperdb].[dbo].[tblLinuxSoftware]) AllPlatformsSoftwares ON tblAssets.AssetID = AllPlatformsSoftwares.AssetID AND COALESCE(AllPlatformsSoftwares.softwareVersion,'') <> ''
INNER JOIN tblSoftwareUni ON tblSoftwareUni.SoftID = AllPlatformsSoftwares.softID
LEFT JOIN (   SELECT [AssetID]
                    ,[Caption] as 'OSname'
                FROM [lansweeperdb].[dbo].[tblOperatingsystem]
              UNION
              SELECT [AssetID]
                    ,[SystemVersion]
                FROM [lansweeperdb].[dbo].[tblMacOSInfo]
              UNION
              SELECT [AssetID]
                    ,[OSRelease]
                FROM [lansweeperdb].[dbo].[tblLinuxSystem]) AllPlatformsOS ON tblAssets.AssetID = AllPlatformsOS.AssetID
WHERE tblSoftwareUni.softwareName LIKE '%Mozilla Firefox%' AND
      tblState.Statename = 'Active'
ORDER BY Domain,
         AssetName,
         Software


Regards,

Sylvie

Esben.D
#1Esben.D Member Administration Posts: 1,738  
posted: 11/9/2018 11:32:14 AM(UTC)
Very nice Applause Thanks!

One side note, this might not work on SQL Compact. So if anyone tries running this on SQL Compact and you get an error, that would be why ;)
jerry@netrush.com
#2jerry@netrush.com Member Posts: 1  
posted: 11/15/2018 7:01:56 PM(UTC)
I get an error on line 58; is that what you're talking about?
Saulo Benigno
#3Saulo Benigno Member Posts: 7  
posted: 3/1/2019 5:57:00 PM(UTC)
Same error here

Line 58

Active Discussions

Lansweeper non-active computer report
by  Apaulcolypse   Go to last post Go to first unread
Last post: Yesterday at 5:16:21 PM(UTC)
Lansweeper Report for showing CPUs below or above
by  GBA Craig  
Go to last post Go to first unread
Last post: 7/18/2019 3:38:41 PM(UTC)
Lansweeper Hardware list
by  GBA Craig   Go to last post Go to first unread
Last post: 7/18/2019 3:34:43 PM(UTC)
Lansweeper Top 10 users submitting tickets
by  LGuth  
Go to last post Go to first unread
Last post: 7/17/2019 9:29:44 PM(UTC)
Lansweeper Microsoft Patch Tuesday Report - July 2019
by  Noobmode   Go to last post Go to first unread
Last post: 7/17/2019 8:48:08 PM(UTC)
Lansweeper Custom Scanning - file not existing
by  Bruce Garoutte  
Go to last post Go to first unread
Last post: 7/17/2019 8:19:50 PM(UTC)
Lansweeper MouseJack vulnerability affected devices report
by  Viper   Go to last post Go to first unread
Last post: 7/16/2019 5:19:14 PM(UTC)
Lansweeper TPM support
by  Sander Eerdekens  
Go to last post Go to first unread
Last post: 7/16/2019 1:38:17 PM(UTC)