Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2018.0483
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2018-0483)
Zusammenfassung:	The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2018-0483 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2018-0483 advisory. Vulnerability Insight: A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash (CVE-2018-17466). A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash (CVE-2018-18492). A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash (CVE-2018-18493). A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft (CVE-2018-19494). A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write (CVE-2018-18498). Memory safety bugs present in Firefox ESR 60.3, some of which showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code (CVE-2018-12405). Affected Software/OS: 'firefox, firefox-l10n' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12405 BugTraq ID: 106168 http://www.securityfocus.com/bid/106168 Debian Security Information: DSA-4354 (Google Search) https://www.debian.org/security/2018/dsa-4354 Debian Security Information: DSA-4362 (Google Search) https://www.debian.org/security/2019/dsa-4362 https://security.gentoo.org/glsa/201903-04 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html RedHat Security Advisories: RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3831 RedHat Security Advisories: RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2018:3833 RedHat Security Advisories: RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0159 RedHat Security Advisories: RHSA-2019:0160 https://access.redhat.com/errata/RHSA-2019:0160 https://usn.ubuntu.com/3844-1/ https://usn.ubuntu.com/3868-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-17466 BugTraq ID: 105666 http://www.securityfocus.com/bid/105666 Debian Security Information: DSA-4330 (Google Search) https://www.debian.org/security/2018/dsa-4330 https://security.gentoo.org/glsa/201811-10 https://crbug.com/880906 RedHat Security Advisories: RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3004 Common Vulnerability Exposure (CVE) ID: CVE-2018-18492 Common Vulnerability Exposure (CVE) ID: CVE-2018-18493 Common Vulnerability Exposure (CVE) ID: CVE-2018-18494 Common Vulnerability Exposure (CVE) ID: CVE-2018-18498
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.