 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2020.0208 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2020-0208) |
| Zusammenfassung: | The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2020-0208 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2020-0208 advisory. Vulnerability Insight: Updated firefox packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash (CVE-2020-6831). A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash (CVE-2020-12387). The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files (CVE-2020-12392). Mozilla developers and community members Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, Andre Bargull, and Karl Tomlinson reported memory safety bugs present in Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-12395). nss has been updated to 3.52. rootcerts have been updated to drop some obsolete certs fixing support for nss 3.52. Affected Software/OS: 'firefox, firefox-l10n, nss, rootcerts' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-12387 https://bugzilla.mozilla.org/show_bug.cgi?id=1545345 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://www.mozilla.org/security/advisories/mfsa2020-16/ https://www.mozilla.org/security/advisories/mfsa2020-17/ https://www.mozilla.org/security/advisories/mfsa2020-18/ https://usn.ubuntu.com/4373-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12392 https://bugzilla.mozilla.org/show_bug.cgi?id=1614468 Common Vulnerability Exposure (CVE) ID: CVE-2020-12395 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508 Common Vulnerability Exposure (CVE) ID: CVE-2020-6831 Debian Security Information: DSA-4714 (Google Search) https://www.debian.org/security/2020/dsa-4714 http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html https://bugzilla.mozilla.org/show_bug.cgi?id=1632241 SuSE Security Announcement: openSUSE-SU-2020:0917 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |