 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.883098 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for firefox CESA-2019:2694 centos6 |
| Resumen: | The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2019:2694 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2019:2694 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.9.0 ESR. Security Fix(es): * Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812) * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740) * Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742) * Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744) * Mozilla: Use-after-free while manipulating video (CVE-2019-11746) * Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752) * firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733) * Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-9812 https://bugzilla.mozilla.org/show_bug.cgi?id=1538015 Common Vulnerability Exposure (CVE) ID: CVE-2019-11733 https://bugzilla.mozilla.org/show_bug.cgi?id=1565780 SuSE Security Announcement: openSUSE-SU-2019:2251 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:2260 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html Common Vulnerability Exposure (CVE) ID: CVE-2019-11740 https://security.gentoo.org/glsa/201911-07 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1563133%2C1573160 SuSE Security Announcement: openSUSE-SU-2019:2248 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html SuSE Security Announcement: openSUSE-SU-2019:2249 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html https://usn.ubuntu.com/4150-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-11742 https://bugzilla.mozilla.org/show_bug.cgi?id=1559715 Common Vulnerability Exposure (CVE) ID: CVE-2019-11743 https://bugzilla.mozilla.org/show_bug.cgi?id=1560495 https://w3c.github.io/navigation-timing Common Vulnerability Exposure (CVE) ID: CVE-2019-11744 https://bugzilla.mozilla.org/show_bug.cgi?id=1562033 Common Vulnerability Exposure (CVE) ID: CVE-2019-11746 https://bugzilla.mozilla.org/show_bug.cgi?id=1564449 Common Vulnerability Exposure (CVE) ID: CVE-2019-11752 https://bugzilla.mozilla.org/show_bug.cgi?id=1501152 |
| Copyright | Copyright (C) 2019 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |