![]() |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2021.0065 |
Categoría: | Mageia Linux Local Security Checks |
Título: | Mageia: Security Advisory (MGASA-2021-0065) |
Resumen: | The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nss' package(s) announced via the MGASA-2021-0065 advisory. |
Descripción: | Summary: The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nss' package(s) announced via the MGASA-2021-0065 advisory. Vulnerability Insight: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing (CVE-2020-26976). If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data (CVE-2021-23953). Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash (CVE-2021-23954). Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash (CVE-2021-23960). Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, Andre Bargull, Jason Kratzer, Jesse Schwartzentruber, Steve Fink, Byron Campen reported memory safety bugs present in Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-23964). Affected Software/OS: 'crypto-policies, firefox, firefox-l10n, nss' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-26976 Debian Security Information: DSA-4840 (Google Search) https://www.debian.org/security/2021/dsa-4840 Debian Security Information: DSA-4842 (Google Search) https://www.debian.org/security/2021/dsa-4842 https://security.gentoo.org/glsa/202102-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1674343 https://www.mozilla.org/security/advisories/mfsa2020-54/ https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2021-23953 https://bugzilla.mozilla.org/show_bug.cgi?id=1683940 https://www.mozilla.org/security/advisories/mfsa2021-03/ https://www.mozilla.org/security/advisories/mfsa2021-04/ https://www.mozilla.org/security/advisories/mfsa2021-05/ Common Vulnerability Exposure (CVE) ID: CVE-2021-23954 https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 Common Vulnerability Exposure (CVE) ID: CVE-2021-23960 https://bugzilla.mozilla.org/show_bug.cgi?id=1675755 Common Vulnerability Exposure (CVE) ID: CVE-2021-23964 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925 |
Copyright | Copyright (C) 2022 Greenbone AG |
Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |