Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0309)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0309

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0309)

Zusammenfassung: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory.

Vulnerability Insight:
An attacker could have abused XSLT error handling to associate
attacker-controlled content with another origin which was displayed in the
address bar. This could have been used to fool the user into submitting
data intended for the spoofed origin (CVE-2022-38472).

A cross-origin iframe referencing an XSLT document would inherit the
parent domain's permissions (such as microphone or camera access)
(CVE-2022-38473).

Members the Mozilla Fuzzing Team reported memory safety bugs present in
Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could have been
exploited to run arbitrary code (CVE-2022-38478).

Affected Software/OS:
'firefox, firefox-l10n, nspr, nss' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-38472
https://bugzilla.mozilla.org/show_bug.cgi?id=1769155
https://www.mozilla.org/security/advisories/mfsa2022-33/
https://www.mozilla.org/security/advisories/mfsa2022-34/
https://www.mozilla.org/security/advisories/mfsa2022-35/
https://www.mozilla.org/security/advisories/mfsa2022-36/
https://www.mozilla.org/security/advisories/mfsa2022-37/
Common Vulnerability Exposure (CVE) ID: CVE-2022-38473
https://bugzilla.mozilla.org/show_bug.cgi?id=1771685
Common Vulnerability Exposure (CVE) ID: CVE-2022-38478
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0309
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0309)
Zusammenfassung:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory. Vulnerability Insight: An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472). A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access) (CVE-2022-38473). Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2022-38478). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-38472 https://bugzilla.mozilla.org/show_bug.cgi?id=1769155 https://www.mozilla.org/security/advisories/mfsa2022-33/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://www.mozilla.org/security/advisories/mfsa2022-36/ https://www.mozilla.org/security/advisories/mfsa2022-37/ Common Vulnerability Exposure (CVE) ID: CVE-2022-38473 https://bugzilla.mozilla.org/show_bug.cgi?id=1771685 Common Vulnerability Exposure (CVE) ID: CVE-2022-38478 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658
Copyright	Copyright (C) 2022 Greenbone AG