Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0309)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0309

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0309)

Resumen: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory.

Vulnerability Insight:
An attacker could have abused XSLT error handling to associate
attacker-controlled content with another origin which was displayed in the
address bar. This could have been used to fool the user into submitting
data intended for the spoofed origin (CVE-2022-38472).

A cross-origin iframe referencing an XSLT document would inherit the
parent domain's permissions (such as microphone or camera access)
(CVE-2022-38473).

Members the Mozilla Fuzzing Team reported memory safety bugs present in
Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could have been
exploited to run arbitrary code (CVE-2022-38478).

Affected Software/OS:
'firefox, firefox-l10n, nspr, nss' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-38472
https://bugzilla.mozilla.org/show_bug.cgi?id=1769155
https://www.mozilla.org/security/advisories/mfsa2022-33/
https://www.mozilla.org/security/advisories/mfsa2022-34/
https://www.mozilla.org/security/advisories/mfsa2022-35/
https://www.mozilla.org/security/advisories/mfsa2022-36/
https://www.mozilla.org/security/advisories/mfsa2022-37/
Common Vulnerability Exposure (CVE) ID: CVE-2022-38473
https://bugzilla.mozilla.org/show_bug.cgi?id=1771685
Common Vulnerability Exposure (CVE) ID: CVE-2022-38478
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0309
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0309)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2022-0309 advisory. Vulnerability Insight: An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472). A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access) (CVE-2022-38473). Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2022-38478). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-38472 https://bugzilla.mozilla.org/show_bug.cgi?id=1769155 https://www.mozilla.org/security/advisories/mfsa2022-33/ https://www.mozilla.org/security/advisories/mfsa2022-34/ https://www.mozilla.org/security/advisories/mfsa2022-35/ https://www.mozilla.org/security/advisories/mfsa2022-36/ https://www.mozilla.org/security/advisories/mfsa2022-37/ Common Vulnerability Exposure (CVE) ID: CVE-2022-38473 https://bugzilla.mozilla.org/show_bug.cgi?id=1771685 Common Vulnerability Exposure (CVE) ID: CVE-2022-38478 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658
Copyright	Copyright (C) 2022 Greenbone AG