English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2023.0056
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2023-0056)
Zusammenfassung:The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2023-0056 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2023-0056 advisory.

Vulnerability Insight:
An attacker could construct a PKCS 12 cert bundle in such a way that could
allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being
mishandled (CVE-2023-0767).

The Content-Security-Policy-Report-Only header could allow an attacker to leak
a child iframe's unredacted URI when interaction with that iframe triggers a
redirect (CVE-2023-25728).

Permission prompts for opening external schemes were only shown for
ContentPrincipals resulting in extensions being able to open them without user
interaction via ExpandedPrincipals. This could lead to further malicious
actions such as downloading files or interacting with software already
installed on the system (CVE-2023-25729).

A background script invoking requestFullscreen and then blocking the main
thread could force the browser into fullscreen mode indefinitely, resulting in
potential user confusion or spoofing attacks (CVE-2023-25730).

In EncodeInputStream, wen encoding data from an inputStream in xpcom the size
of the input being encoded was not correctly calculated potentially leading
to an out of bounds memory write (CVE-2023-25732).

In SpiderMonkey, cross-compartment wrappers wrapping a scripted proxy could
have caused objects from other compartments to be stored in the main
compartment resulting in a use-after-free after unwrapping the proxy
(CVE-2023-25735).

An invalid downcast from nsTextNode to SVGElement in
SVGUtils::SetupStrokeGeometry could have lead to undefined behavior
(CVE-2023-25737).

Module load requests that failed were not being checked as to whether or not
they were cancelled causing a use-after-free in
mozilla::dom::ScriptLoadContext::~
ScriptLoadContext (CVE-2023-25739).

In Web Crypto, when importing a SPKI RSA public key as ECDSA P-256, the key
would be handled incorrectly causing the tab to crash (CVE-2023-25742).

Mozilla developers Philipp and Gabriele Svelto, Kershaw Chang, and the Mozilla
Fuzzing Team reported memory safety bugs present in Firefox ESR 102.7. Some of
these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code
(CVE-2023-25744, CVE-2023-25746).

Affected Software/OS:
'firefox, firefox-l10n, nss' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-0767
https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1804640
https://www.mozilla.org/security/advisories/mfsa2023-05/
https://www.mozilla.org/security/advisories/mfsa2023-06/
https://www.mozilla.org/security/advisories/mfsa2023-07/
Common Vulnerability Exposure (CVE) ID: CVE-2023-25728
https://bugzilla.mozilla.org/show_bug.cgi?id=1790345
Common Vulnerability Exposure (CVE) ID: CVE-2023-25729
https://bugzilla.mozilla.org/show_bug.cgi?id=1792138
Common Vulnerability Exposure (CVE) ID: CVE-2023-25730
https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
Common Vulnerability Exposure (CVE) ID: CVE-2023-25732
https://bugzilla.mozilla.org/show_bug.cgi?id=1804564
Common Vulnerability Exposure (CVE) ID: CVE-2023-25735
https://bugzilla.mozilla.org/show_bug.cgi?id=1810711
Common Vulnerability Exposure (CVE) ID: CVE-2023-25737
https://bugzilla.mozilla.org/show_bug.cgi?id=1811464
Common Vulnerability Exposure (CVE) ID: CVE-2023-25739
https://bugzilla.mozilla.org/show_bug.cgi?id=1811939
Common Vulnerability Exposure (CVE) ID: CVE-2023-25742
https://bugzilla.mozilla.org/show_bug.cgi?id=1813424
Common Vulnerability Exposure (CVE) ID: CVE-2023-25744
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536
Common Vulnerability Exposure (CVE) ID: CVE-2023-25746
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368
CopyrightCopyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.