Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0093)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0093

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0093)

Resumen: The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2022-0093 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2022-0093 advisory.

Vulnerability Insight:
An attacker could have caused a use-after-free by forcing a text reflow in an
SVG object leading to a potentially exploitable crash (CVE-2022-26381).

When resizing a popup after requesting fullscreen access, the popup would not
display the fullscreen notification (CVE-2022-26383).

If an attacker could control the contents of an iframe sandboxed with
allow-popups but not allow-scripts, they were able to craft a link that, when
clicked, would lead to JavaScript execution in violation of the sandbox
(CVE-2022-26384).

Previously Firefox for macOS and Linux would download temporary files to a
user-specific directory in /tmp, but this behavior was changed to download
them to /tmp where they could be affected by other local users. This behavior
was reverted to the original, user-specific directory (CVE-2022-26386).

When installing an add-on, Firefox verified the signature before prompting
the user, but while the user was confirming the prompt, the underlying add-on
file could have been modified and Firefox would not have noticed
(CVE-2022-26387).

Affected Software/OS:
'firefox, firefox-l10n' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-26381
https://bugzilla.mozilla.org/show_bug.cgi?id=1736243
https://www.mozilla.org/security/advisories/mfsa2022-10/
https://www.mozilla.org/security/advisories/mfsa2022-11/
https://www.mozilla.org/security/advisories/mfsa2022-12/
Common Vulnerability Exposure (CVE) ID: CVE-2022-26383
https://bugzilla.mozilla.org/show_bug.cgi?id=1742421
Common Vulnerability Exposure (CVE) ID: CVE-2022-26384
https://bugzilla.mozilla.org/show_bug.cgi?id=1744352
Common Vulnerability Exposure (CVE) ID: CVE-2022-26386
https://bugzilla.mozilla.org/show_bug.cgi?id=1752396
Common Vulnerability Exposure (CVE) ID: CVE-2022-26387
https://bugzilla.mozilla.org/show_bug.cgi?id=1752979

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0093
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0093)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2022-0093 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n' package(s) announced via the MGASA-2022-0093 advisory. Vulnerability Insight: An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381). When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383). If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox (CVE-2022-26384). Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory (CVE-2022-26386). When installing an add-on, Firefox verified the signature before prompting the user, but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed (CVE-2022-26387). Affected Software/OS: 'firefox, firefox-l10n' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-26381 https://bugzilla.mozilla.org/show_bug.cgi?id=1736243 https://www.mozilla.org/security/advisories/mfsa2022-10/ https://www.mozilla.org/security/advisories/mfsa2022-11/ https://www.mozilla.org/security/advisories/mfsa2022-12/ Common Vulnerability Exposure (CVE) ID: CVE-2022-26383 https://bugzilla.mozilla.org/show_bug.cgi?id=1742421 Common Vulnerability Exposure (CVE) ID: CVE-2022-26384 https://bugzilla.mozilla.org/show_bug.cgi?id=1744352 Common Vulnerability Exposure (CVE) ID: CVE-2022-26386 https://bugzilla.mozilla.org/show_bug.cgi?id=1752396 Common Vulnerability Exposure (CVE) ID: CVE-2022-26387 https://bugzilla.mozilla.org/show_bug.cgi?id=1752979
Copyright	Copyright (C) 2022 Greenbone AG