Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0156
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0156)
Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2022-0156 advisory.
Description:
Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2022-0156 advisory.

Vulnerability Insight:
NSSToken objects were referenced via direct pointers, and could have been
accessed in an unsafe way on different threads, leading to a use-after-free
and potentially exploitable crash (CVE-2022-1097).

After a VR Process is destroyed, a reference to it may have been retained and
used, leading to a use-after-free and potentially exploitable crash
(CVE-2022-1196).

The rust regex crate did not properly prevent crafted regular expressions from
taking an arbitrary amount of time during parsing. If an attacker was able to
supply input to this crate, they could have caused a denial of service in the
browser (CVE-2022-24713).

If a compromised content process sent an unexpected number of WebAuthN
Extensions in a Register command to the parent process, an out of bounds write
would have occurred leading to memory corruption and a potentially exploitable
crash (CVE-2022-28281).

By using a link with rel='localization' a use-after-free in
DocumentL10n::TranslateDocument could have been triggered by destroying an
object during JavaScript execution and then referencing the object through a
freed pointer, leading to a potentially exploitable crash (CVE-2022-28282).

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect
AliasSet was used in JIT Codegen. In conjunction with another vulnerability
this could have been used for an out of bounds memory read (CVE-2022-28285).

Due to a layout change, iframe contents could have been rendered outside of
its border. This could have led to user confusion or spoofing attacks
(CVE-2022-28286).

Mozilla developers and community members Nika Layzell, the
Mozilla Fuzzing Team, Andrew McCreight, and Gabriele Svelto reported memory
safety bugs present in Firefox ESR 91.7. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code (CVE-2022-28289).

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of
encoding, such as checks for whether a UTF-8 character is valid in a certain
context. (CVE-2022-25235)

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert
namespace-separator characters into namespace URIs. (CVE-2022-25236)

An integer overflow was found in expat. The issue occurs in storeRawNames()
by abusing the m_buffer expansion logic to allow allocations very close to
INT_MAX and out-of-bounds heap writes. (CVE-2022-25315)

Affected Software/OS:
'firefox, firefox-l10n, nss, rootcerts' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-References:
Common Vulnerability Exposure (CVE) ID: CVE-2022-1097
https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
https://www.mozilla.org/security/advisories/mfsa2022-13/
https://www.mozilla.org/security/advisories/mfsa2022-14/
https://www.mozilla.org/security/advisories/mfsa2022-15/
Common Vulnerability Exposure (CVE) ID: CVE-2022-1196
https://bugzilla.mozilla.org/show_bug.cgi?id=1750679
Common Vulnerability Exposure (CVE) ID: CVE-2022-24713
https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8
Debian Security Information: DSA-5113
https://www.debian.org/security/2022/dsa-5113
Debian Security Information: DSA-5118
https://www.debian.org/security/2022/dsa-5118
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/
https://security.gentoo.org/glsa/202208-08
https://security.gentoo.org/glsa/202208-14
https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e
https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw
https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-25235
https://security.netapp.com/advisory/ntap-20220303-0008/
Debian Security Information: DSA-5085
https://www.debian.org/security/2022/dsa-5085
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.gentoo.org/glsa/202209-24
https://github.com/libexpat/libexpat/pull/562
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
http://www.openwall.com/lists/oss-security/2022/02/19/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-25236
http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
https://github.com/libexpat/libexpat/pull/561
Common Vulnerability Exposure (CVE) ID: CVE-2022-25315
https://github.com/libexpat/libexpat/pull/559
Common Vulnerability Exposure (CVE) ID: CVE-2022-28281
https://bugzilla.mozilla.org/show_bug.cgi?id=1755621
Common Vulnerability Exposure (CVE) ID: CVE-2022-28282
https://bugzilla.mozilla.org/show_bug.cgi?id=1751609
Common Vulnerability Exposure (CVE) ID: CVE-2022-28285
https://bugzilla.mozilla.org/show_bug.cgi?id=1756957
Common Vulnerability Exposure (CVE) ID: CVE-2022-28286
https://bugzilla.mozilla.org/show_bug.cgi?id=1735265
Common Vulnerability Exposure (CVE) ID: CVE-2022-28289
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663508%2C1744525%2C1753508%2C1757476%2C1757805%2C1758549%2C1758776
Copyright: Copyright (C) 2022 Greenbone AG