English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2020.0141
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2020-0141)
Resumen:The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2020-0141 advisory.
Descripción:Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nss' package(s) announced via the MGASA-2020-0141 advisory.

Vulnerability Insight:
Updated firefox packages fix security vulnerabilities:

The inputs to sctp_load_addresses_from_init are verified by
sctp_arethere_unrecognized_parameters, however, the two functions
handled parameter bounds differently, resulting in out of bounds
reads when parameters are partially outside a chunk (CVE-2019-20503).

When removing data about an origin whose tab was recently closed,
a use-after-free could occur in the Quota manager, resulting in a
potentially exploitable crash (CVE-2020-6805).

By carefully crafting promise resolutions, it was possible to cause an
out-of-bounds read off the end of an array resized during script execution.
This could have led to memory corruption and a potentially exploitable
crash (CVE-2020-6806).

When a device was changed while a stream was about to be destroyed, the
stream-reinit task may have been executed after the stream was destroyed,
causing a use-after-free and a potentially exploitable crash
(CVE-2020-6807).

The 'Copy as cURL' feature of Devtools' network tab did not properly escape
the HTTP method of a request, which can be controlled by the website. If a
user used the 'Copy as Curl' feature and pasted the command into a terminal,
it could have resulted in command injection and arbitrary command execution
(CVE-2020-6811).

The first time AirPods are connected to an iPhone, they become named after
the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera
or microphone permission are able to enumerate device names, disclosing the
user's name. To resolve this issue, Firefox added a special case that
renames devices containing the substring 'AirPods' to simply 'AirPods'
(CVE-2020-6812).

Mozilla developers and community members Byron Campen, Jason Kratzer, and
Christian Holler reported memory safety bugs present in Firefox 73 and
Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could have been
exploited to run arbitrary code (CVE-2020-6814).

nss has been updated to 3.51 fixing various bugs and crashes.

Affected Software/OS:
'firefox, firefox-l10n, nss' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-20503
Debian Security Information: DSA-4639 (Google Search)
https://www.debian.org/security/2020/dsa-4639
Debian Security Information: DSA-4642 (Google Search)
https://www.debian.org/security/2020/dsa-4642
Debian Security Information: DSA-4645 (Google Search)
https://www.debian.org/security/2020/dsa-4645
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
http://seclists.org/fulldisclosure/2020/May/49
http://seclists.org/fulldisclosure/2020/May/59
http://seclists.org/fulldisclosure/2020/May/55
http://seclists.org/fulldisclosure/2020/May/52
https://security.gentoo.org/glsa/202003-02
https://security.gentoo.org/glsa/202003-10
https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
https://crbug.com/1059349
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
https://support.apple.com/HT211168
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://support.apple.com/HT211177
https://lists.debian.org/debian-lts-announce/2020/03/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/07/msg00003.html
RedHat Security Advisories: RHSA-2020:0815
https://access.redhat.com/errata/RHSA-2020:0815
RedHat Security Advisories: RHSA-2020:0816
https://access.redhat.com/errata/RHSA-2020:0816
RedHat Security Advisories: RHSA-2020:0819
https://access.redhat.com/errata/RHSA-2020:0819
RedHat Security Advisories: RHSA-2020:0820
https://access.redhat.com/errata/RHSA-2020:0820
SuSE Security Announcement: openSUSE-SU-2020:0340 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
SuSE Security Announcement: openSUSE-SU-2020:0365 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
SuSE Security Announcement: openSUSE-SU-2020:0366 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
SuSE Security Announcement: openSUSE-SU-2020:0389 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
https://usn.ubuntu.com/4299-1/
https://usn.ubuntu.com/4328-1/
https://usn.ubuntu.com/4335-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6805
https://bugzilla.mozilla.org/show_bug.cgi?id=1610880
https://www.mozilla.org/security/advisories/mfsa2020-08/
https://www.mozilla.org/security/advisories/mfsa2020-09/
https://www.mozilla.org/security/advisories/mfsa2020-10/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6806
http://packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1612308
Common Vulnerability Exposure (CVE) ID: CVE-2020-6807
https://bugzilla.mozilla.org/show_bug.cgi?id=1614971
Common Vulnerability Exposure (CVE) ID: CVE-2020-6811
https://bugzilla.mozilla.org/show_bug.cgi?id=1607742
Common Vulnerability Exposure (CVE) ID: CVE-2020-6812
https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
Common Vulnerability Exposure (CVE) ID: CVE-2020-6814
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.