Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0354)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0354

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0354)

Resumen: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0354 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0354 advisory.

Vulnerability Insight:
A malicious webpage could have triggered a use-after-free in accessibility
features of a document, causing memory corruption and a potentially exploitable
crash when accessibility was enabled (CVE-2021-29970).

Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and
Olli Pettay reported memory safety bugs present in Firefox ESR 78.11. Some of
these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code
(CVE-2021-29976).

An out of bounds write in ANGLE could have allowed an attacker to corrupt
memory leading to a potentially exploitable crash (CVE-2021-30547).

Affected Software/OS:
'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-29970
https://security.gentoo.org/glsa/202202-03
https://security.gentoo.org/glsa/202208-14
https://bugzilla.mozilla.org/show_bug.cgi?id=1709976
https://www.mozilla.org/security/advisories/mfsa2021-28/
https://www.mozilla.org/security/advisories/mfsa2021-29/
https://www.mozilla.org/security/advisories/mfsa2021-30/
Common Vulnerability Exposure (CVE) ID: CVE-2021-29976
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391
Common Vulnerability Exposure (CVE) ID: CVE-2021-30547
Debian Security Information: DSA-4939 (Google Search)
https://www.debian.org/security/2021/dsa-4939
Debian Security Information: DSA-4940 (Google Search)
https://www.debian.org/security/2021/dsa-4940
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
https://crbug.com/1210414
https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0354
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0354)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0354 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2021-0354 advisory. Vulnerability Insight: A malicious webpage could have triggered a use-after-free in accessibility features of a document, causing memory corruption and a potentially exploitable crash when accessibility was enabled (CVE-2021-29970). Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29976). An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash (CVE-2021-30547). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-29970 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://bugzilla.mozilla.org/show_bug.cgi?id=1709976 https://www.mozilla.org/security/advisories/mfsa2021-28/ https://www.mozilla.org/security/advisories/mfsa2021-29/ https://www.mozilla.org/security/advisories/mfsa2021-30/ Common Vulnerability Exposure (CVE) ID: CVE-2021-29976 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391 Common Vulnerability Exposure (CVE) ID: CVE-2021-30547 Debian Security Information: DSA-4939 (Google Search) https://www.debian.org/security/2021/dsa-4939 Debian Security Information: DSA-4940 (Google Search) https://www.debian.org/security/2021/dsa-4940 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html https://crbug.com/1210414 https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html
Copyright	Copyright (C) 2022 Greenbone AG