CentOS Local Security Checks : CentOS: Security Advisory for firefox (CESA-2020:0521)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883184

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for firefox (CESA-2020:0521)

Resumen: The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2020:0521 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the CESA-2020:0521 advisory.

Vulnerability Insight:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es):

* Mozilla: Missing bounds check on shared memory read in the parent process
(CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
(CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript
injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'firefox' package(s) on CentOS 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-6796
https://security.gentoo.org/glsa/202003-02
https://bugzilla.mozilla.org/show_bug.cgi?id=1610426
https://www.mozilla.org/security/advisories/mfsa2020-05/
https://www.mozilla.org/security/advisories/mfsa2020-06/
https://usn.ubuntu.com/4278-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6798
https://security.gentoo.org/glsa/202003-10
https://bugzilla.mozilla.org/show_bug.cgi?id=1602944
https://www.mozilla.org/security/advisories/mfsa2020-07/
https://usn.ubuntu.com/4328-1/
https://usn.ubuntu.com/4335-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6800
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883184
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for firefox (CESA-2020:0521)
Resumen:	The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2020:0521 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2020:0521 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.5.0 ESR. Security Fix(es): * Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800) * Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-6796 https://security.gentoo.org/glsa/202003-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1610426 https://www.mozilla.org/security/advisories/mfsa2020-05/ https://www.mozilla.org/security/advisories/mfsa2020-06/ https://usn.ubuntu.com/4278-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6798 https://security.gentoo.org/glsa/202003-10 https://bugzilla.mozilla.org/show_bug.cgi?id=1602944 https://www.mozilla.org/security/advisories/mfsa2020-07/ https://usn.ubuntu.com/4328-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6800 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777
Copyright	Copyright (C) 2020 Greenbone Networks GmbH