Test Kennung:	1.3.6.1.4.1.25623.1.0.884193
Kategorie:	CentOS Local Security Checks
Titel:	CentOS: Security Advisory for firefox (CESA-2022:0124)
Zusammenfassung:	The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2022:0124 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2022:0124 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.5.0 ESR. Security Fix(es): * Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140) * Mozilla: Race condition when playing audio files (CVE-2022-22737) * Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738) * Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741) * Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743) * Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751) * Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745) * Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748) * Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739) * Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-4140 https://bugzilla.mozilla.org/show_bug.cgi?id=1746720 https://www.mozilla.org/security/advisories/mfsa2022-01/ https://www.mozilla.org/security/advisories/mfsa2022-02/ https://www.mozilla.org/security/advisories/mfsa2022-03/ Common Vulnerability Exposure (CVE) ID: CVE-2022-22737 https://bugzilla.mozilla.org/show_bug.cgi?id=1745874 Common Vulnerability Exposure (CVE) ID: CVE-2022-22738 https://bugzilla.mozilla.org/show_bug.cgi?id=1742382 Common Vulnerability Exposure (CVE) ID: CVE-2022-22739 https://bugzilla.mozilla.org/show_bug.cgi?id=1744158 Common Vulnerability Exposure (CVE) ID: CVE-2022-22740 https://bugzilla.mozilla.org/show_bug.cgi?id=1742334 Common Vulnerability Exposure (CVE) ID: CVE-2022-22741 https://bugzilla.mozilla.org/show_bug.cgi?id=1740389 Common Vulnerability Exposure (CVE) ID: CVE-2022-22742 https://bugzilla.mozilla.org/show_bug.cgi?id=1739923 Common Vulnerability Exposure (CVE) ID: CVE-2022-22743 https://bugzilla.mozilla.org/show_bug.cgi?id=1739220 Common Vulnerability Exposure (CVE) ID: CVE-2022-22745 https://bugzilla.mozilla.org/show_bug.cgi?id=1735856 Common Vulnerability Exposure (CVE) ID: CVE-2022-22747 https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 Common Vulnerability Exposure (CVE) ID: CVE-2022-22748 https://bugzilla.mozilla.org/show_bug.cgi?id=1705211 Common Vulnerability Exposure (CVE) ID: CVE-2022-22751 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.