 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2021.0065 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2021-0065) |
| Zusammenfassung: | The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nss' package(s) announced via the MGASA-2021-0065 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nss' package(s) announced via the MGASA-2021-0065 advisory. Vulnerability Insight: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing (CVE-2020-26976). If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data (CVE-2021-23953). Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash (CVE-2021-23954). Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash (CVE-2021-23960). Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, Andre Bargull, Jason Kratzer, Jesse Schwartzentruber, Steve Fink, Byron Campen reported memory safety bugs present in Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-23964). Affected Software/OS: 'crypto-policies, firefox, firefox-l10n, nss' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-26976 Debian Security Information: DSA-4840 (Google Search) https://www.debian.org/security/2021/dsa-4840 Debian Security Information: DSA-4842 (Google Search) https://www.debian.org/security/2021/dsa-4842 https://security.gentoo.org/glsa/202102-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1674343 https://www.mozilla.org/security/advisories/mfsa2020-54/ https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2021-23953 https://bugzilla.mozilla.org/show_bug.cgi?id=1683940 https://www.mozilla.org/security/advisories/mfsa2021-03/ https://www.mozilla.org/security/advisories/mfsa2021-04/ https://www.mozilla.org/security/advisories/mfsa2021-05/ Common Vulnerability Exposure (CVE) ID: CVE-2021-23954 https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 Common Vulnerability Exposure (CVE) ID: CVE-2021-23960 https://bugzilla.mozilla.org/show_bug.cgi?id=1675755 Common Vulnerability Exposure (CVE) ID: CVE-2021-23964 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |