Test ID: | 1.3.6.1.4.1.25623.1.2.1.2022.04 |
Category: | General |
Title: | Mozilla Firefox Security Advisory (MFSA2022-04) - Linux |
Summary: | This host is missing a security update for Mozilla Firefox. |
Description: | Summary: This host is missing a security update for Mozilla Firefox.

Vulnerability Insight:

CVE-2022-22754: Extensions could have bypassed permission confirmation during update
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.

CVE-2022-22755: XSL could have allowed JavaScript execution after a tab was closed
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed.

CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.

CVE-2022-22757: Remote Agent did not prevent local websites from connecting
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.

CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox.

CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin.

CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
Web-accessible extension pages (pages with a moz-extension:// scheme) were not ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: Firefox version(s) below 97.

Solution: The vendor has released an update. Please see the reference(s) for more information.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-0511
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1713579%2C1735448%2C1743821%2C1746313%2C1746314%2C1746316%2C1746321%2C1746322%2C1746323%2C1746412%2C1746430%2C1746451%2C1746488%2C1746875%2C1746898%2C1746905%2C1746907%2C1746917%2C1747128%2C1747137%2C1747331%2C1747346%2C1747439%2C1747457%2C1747870%2C1749051%2C1749274%2C1749831
https://www.mozilla.org/security/advisories/mfsa2022-04/

Common Vulnerability Exposure (CVE) ID: CVE-2022-22754
https://bugzilla.mozilla.org/show_bug.cgi?id=1750565
https://www.mozilla.org/security/advisories/mfsa2022-05/
https://www.mozilla.org/security/advisories/mfsa2022-06/

Common Vulnerability Exposure (CVE) ID: CVE-2022-22755
https://bugzilla.mozilla.org/show_bug.cgi?id=1309630

Common Vulnerability Exposure (CVE) ID: CVE-2022-22756
https://bugzilla.mozilla.org/show_bug.cgi?id=1317873

Common Vulnerability Exposure (CVE) ID: CVE-2022-22757
https://bugzilla.mozilla.org/show_bug.cgi?id=1720098

Common Vulnerability Exposure (CVE) ID: CVE-2022-22759
https://bugzilla.mozilla.org/show_bug.cgi?id=1739957

Common Vulnerability Exposure (CVE) ID: CVE-2022-22760
https://bugzilla.mozilla.org/show_bug.cgi?id=1740985
https://bugzilla.mozilla.org/show_bug.cgi?id=1748503

Common Vulnerability Exposure (CVE) ID: CVE-2022-22761
https://bugzilla.mozilla.org/show_bug.cgi?id=1745566

Common Vulnerability Exposure (CVE) ID: CVE-2022-22764
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1742682%2C1744165%2C1746545%2C1748210%2C1748279 |
Copyright | Copyright (C) 2022 Greenbone Networks GmbH |