Test Kennung:	1.3.6.1.4.1.25623.1.0.884254
Kategorie:	CentOS Local Security Checks
Titel:	CentOS: Security Advisory for firefox (CESA-2022:8552)
Zusammenfassung:	The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2022:8552 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2022:8552 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fix(es): * Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) * Mozilla: Fullscreen notification bypass (CVE-2022-45404) * Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405) * Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406) * Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408) * Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409) * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421) * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410) * Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411) * Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412) * Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416) * Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418) * Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-45403 https://bugzilla.mozilla.org/show_bug.cgi?id=1762078 https://www.mozilla.org/security/advisories/mfsa2022-47/ https://www.mozilla.org/security/advisories/mfsa2022-48/ https://www.mozilla.org/security/advisories/mfsa2022-49/ Common Vulnerability Exposure (CVE) ID: CVE-2022-45404 https://bugzilla.mozilla.org/show_bug.cgi?id=1790815 Common Vulnerability Exposure (CVE) ID: CVE-2022-45405 https://bugzilla.mozilla.org/show_bug.cgi?id=1791314 Common Vulnerability Exposure (CVE) ID: CVE-2022-45406 https://bugzilla.mozilla.org/show_bug.cgi?id=1791975 Common Vulnerability Exposure (CVE) ID: CVE-2022-45408 https://bugzilla.mozilla.org/show_bug.cgi?id=1793829 Common Vulnerability Exposure (CVE) ID: CVE-2022-45409 https://bugzilla.mozilla.org/show_bug.cgi?id=1796901 Common Vulnerability Exposure (CVE) ID: CVE-2022-45410 https://bugzilla.mozilla.org/show_bug.cgi?id=1658869 Common Vulnerability Exposure (CVE) ID: CVE-2022-45411 https://bugzilla.mozilla.org/show_bug.cgi?id=1790311 Common Vulnerability Exposure (CVE) ID: CVE-2022-45412 https://bugzilla.mozilla.org/show_bug.cgi?id=1791029 Common Vulnerability Exposure (CVE) ID: CVE-2022-45416 https://bugzilla.mozilla.org/show_bug.cgi?id=1793676 Common Vulnerability Exposure (CVE) ID: CVE-2022-45418 https://bugzilla.mozilla.org/show_bug.cgi?id=1795815 Common Vulnerability Exposure (CVE) ID: CVE-2022-45420 https://bugzilla.mozilla.org/show_bug.cgi?id=1792643 Common Vulnerability Exposure (CVE) ID: CVE-2022-45421 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1767920%2C1789808%2C1794061
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.