ID de Prueba:	1.3.6.1.4.1.25623.1.0.883267
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for firefox (CESA-2020:3253)
Resumen:	The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2020:3253 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2020:3253 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Security Fix(es): * chromium-browser: Use after free in ANGLE (CVE-2020-6463) * chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) * Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) * Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-6463 Debian Security Information: DSA-4714 (Google Search) https://www.debian.org/security/2020/dsa-4714 Debian Security Information: DSA-4736 (Google Search) https://www.debian.org/security/2020/dsa-4736 Debian Security Information: DSA-4740 (Google Search) https://www.debian.org/security/2020/dsa-4740 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/ https://security.gentoo.org/glsa/202007-60 https://security.gentoo.org/glsa/202007-64 https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html https://crbug.com/1065186 https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html SuSE Security Announcement: openSUSE-SU-2020:0823 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html SuSE Security Announcement: openSUSE-SU-2020:0832 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html SuSE Security Announcement: openSUSE-SU-2020:1147 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html SuSE Security Announcement: openSUSE-SU-2020:1155 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html SuSE Security Announcement: openSUSE-SU-2020:1179 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:1189 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2020:1205 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://usn.ubuntu.com/4443-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6514 Debian Security Information: DSA-4824 (Google Search) https://www.debian.org/security/2021/dsa-4824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/ https://security.gentoo.org/glsa/202007-08 https://security.gentoo.org/glsa/202101-30 http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1076703 SuSE Security Announcement: openSUSE-SU-2020:1048 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html SuSE Security Announcement: openSUSE-SU-2020:1061 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html SuSE Security Announcement: openSUSE-SU-2020:1148 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html SuSE Security Announcement: openSUSE-SU-2020:1172 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2020-15652 https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 https://www.mozilla.org/security/advisories/mfsa2020-30/ https://www.mozilla.org/security/advisories/mfsa2020-31/ https://www.mozilla.org/security/advisories/mfsa2020-32/ https://www.mozilla.org/security/advisories/mfsa2020-33/ https://www.mozilla.org/security/advisories/mfsa2020-35/ Common Vulnerability Exposure (CVE) ID: CVE-2020-15659 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.