
Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0251
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0251)
Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2022-0251 advisory.
Description:
Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2022-0251 advisory.

Vulnerability Insight:
If an object prototype was corrupted by an attacker, they would have been able
to set undesired attributes on a JavaScript object, leading to privileged code
execution (CVE-2022-2200).

An attacker could have injected CSS into stylesheets accessible via internal
URIs, such as resource:, and in doing so bypass a page's Content Security
Policy (CVE-2022-31744).

A Content Security Policy sandbox header without `allow-scripts` can be bypassed
via a retargeted javascript: URI. An iframe that was not permitted to run
scripts could do so if the user clicked on a javascript: link
(CVE-2022-34468).

Navigations between XML documents may have led to a use-after-free in
nsSHistory and a potentially exploitable crash (CVE-2022-34470).

If there was a PAC URL set and the server that hosts the PAC was not
reachable, OCSP requests would have been blocked, resulting in incorrect error
pages being shown (CVE-2022-34472).

A malicious website that could create a popup could have resized the popup to
overlay the address bar with its own content, resulting in potential user
confusion or spoofing attacks (CVE-2022-34479).

In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could
have occurred when the number of elements to replace was too large for the
container (CVE-2022-34481).

The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox
ESR 91.10. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort

Affected Software/OS:
'firefox, firefox-l10n, nss, rootcerts' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2022-2200
https://bugzilla.mozilla.org/show_bug.cgi?id=1771381
https://www.mozilla.org/security/advisories/mfsa2022-24/
https://www.mozilla.org/security/advisories/mfsa2022-25/
https://www.mozilla.org/security/advisories/mfsa2022-26/
Common Vulnerability Exposure (CVE) ID: CVE-2022-31744
https://bugzilla.mozilla.org/show_bug.cgi?id=1757604
https://www.mozilla.org/security/advisories/mfsa2022-20/
Common Vulnerability Exposure (CVE) ID: CVE-2022-34468
https://bugzilla.mozilla.org/show_bug.cgi?id=1768537
Common Vulnerability Exposure (CVE) ID: CVE-2022-34470
https://bugzilla.mozilla.org/show_bug.cgi?id=1765951
Common Vulnerability Exposure (CVE) ID: CVE-2022-34472
https://bugzilla.mozilla.org/show_bug.cgi?id=1770123
Common Vulnerability Exposure (CVE) ID: CVE-2022-34479
https://bugzilla.mozilla.org/show_bug.cgi?id=1745595
Common Vulnerability Exposure (CVE) ID: CVE-2022-34481
https://bugzilla.mozilla.org/show_bug.cgi?id=1497246
Common Vulnerability Exposure (CVE) ID: CVE-2022-34484
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1763634%2C1772651
Copyright: Copyright (C) 2022 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.