 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.883108 |
| Kategorie: | CentOS Local Security Checks |
| Titel: | CentOS Update for firefox CESA-2019:2729 centos7 |
| Zusammenfassung: | The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2019:2729 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2019:2729 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.9.0 ESR. Security Fix(es): * Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-9812 https://bugzilla.mozilla.org/show_bug.cgi?id=1538015 Common Vulnerability Exposure (CVE) ID: CVE-2019-11733 https://bugzilla.mozilla.org/show_bug.cgi?id=1565780 SuSE Security Announcement: openSUSE-SU-2019:2251 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:2260 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2019-11740 https://security.gentoo.org/glsa/201911-07 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160 SuSE Security Announcement: openSUSE-SU-2019:2248 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html SuSE Security Announcement: openSUSE-SU-2019:2249 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html https://usn.ubuntu.com/4150-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-11742 https://bugzilla.mozilla.org/show_bug.cgi?id=1559715 Common Vulnerability Exposure (CVE) ID: CVE-2019-11743 https://bugzilla.mozilla.org/show_bug.cgi?id=1560495 https://w3c.github.io/navigation-timing Common Vulnerability Exposure (CVE) ID: CVE-2019-11744 https://bugzilla.mozilla.org/show_bug.cgi?id=1562033 Common Vulnerability Exposure (CVE) ID: CVE-2019-11746 https://bugzilla.mozilla.org/show_bug.cgi?id=1564449 Common Vulnerability Exposure (CVE) ID: CVE-2019-11752 https://bugzilla.mozilla.org/show_bug.cgi?id=1501152 |
| Copyright | Copyright (C) 2019 Greenbone AG |
| Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |