CentOS Local Security Checks : CentOS: Security Advisory for firefox (CESA-2022:6179)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.884239

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for firefox (CESA-2022:6179)

Resumen: The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2022:6179 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the CESA-2022:6179 advisory.

Vulnerability Insight:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 91.13.0 ESR.

Security Fix(es):

* Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472)

* Mozilla: Cross-origin XSLT Documents would have inherited the parent's
permissions (CVE-2022-38473)

* Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
(CVE-2022-38477)

* Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and
Firefox ESR 91.13 (CVE-2022-38478)

* Mozilla: Data race and potential use-after-free in PK11_ChangePW
(CVE-2022-38476)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'firefox' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-38472
https://bugzilla.mozilla.org/show_bug.cgi?id=1769155
https://www.mozilla.org/security/advisories/mfsa2022-33/
https://www.mozilla.org/security/advisories/mfsa2022-34/
https://www.mozilla.org/security/advisories/mfsa2022-35/
https://www.mozilla.org/security/advisories/mfsa2022-36/
https://www.mozilla.org/security/advisories/mfsa2022-37/
Common Vulnerability Exposure (CVE) ID: CVE-2022-38473
https://bugzilla.mozilla.org/show_bug.cgi?id=1771685
Common Vulnerability Exposure (CVE) ID: CVE-2022-38476
https://bugzilla.mozilla.org/show_bug.cgi?id=1760998
Common Vulnerability Exposure (CVE) ID: CVE-2022-38477
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363
Common Vulnerability Exposure (CVE) ID: CVE-2022-38478
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658

Copyright Copyright (C) 2022 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.884239
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for firefox (CESA-2022:6179)
Resumen:	The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2022:6179 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2022:6179 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fix(es): * Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472) * Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473) * Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477) * Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 (CVE-2022-38478) * Mozilla: Data race and potential use-after-free in PK11_ChangePW (CVE-2022-38476) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-38472 https://bugzilla.mozilla.org/show_bug.cgi?id=1769155 https://www.mozilla.org/security/advisories/mfsa2022-33/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://www.mozilla.org/security/advisories/mfsa2022-36/ https://www.mozilla.org/security/advisories/mfsa2022-37/ Common Vulnerability Exposure (CVE) ID: CVE-2022-38473 https://bugzilla.mozilla.org/show_bug.cgi?id=1771685 Common Vulnerability Exposure (CVE) ID: CVE-2022-38476 https://bugzilla.mozilla.org/show_bug.cgi?id=1760998 Common Vulnerability Exposure (CVE) ID: CVE-2022-38477 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363 Common Vulnerability Exposure (CVE) ID: CVE-2022-38478 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658
Copyright	Copyright (C) 2022 Greenbone Networks GmbH