
Test ID: 1.3.6.1.4.1.25623.1.1.10.2023.0266
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2023-0266)
Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2023-0266 advisory.
Description:
Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2023-0266 advisory.

Vulnerability Insight:
Use-after-free in workers. (CVE-2023-3600)

File Extension Spoofing using the Text Direction Override Character.
(CVE-2023-3417)

Offscreen Canvas could have bypassed cross-origin restrictions.
(CVE-2023-4045)

Incorrect value used during WASM compilation. (CVE-2023-4046)

Potential permissions request bypass via clickjacking. (CVE-2023-4047)

Crash in DOMParser due to out-of-memory conditions. (CVE-2023-4048)

Fix potential race conditions when releasing platform objects.
(CVE-2023-4049)

Stack buffer overflow in StorageManager. (CVE-2023-4050)

Cookie jar overflow caused unexpected cookie jar state. (CVE-2023-4055)

Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR
102.14, Thunderbird 115.1, and Thunderbird 102.14. (CVE-2023-4056)

Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and
Thunderbird 115.1. (CVE-2023-4057)

Memory corruption in IPC CanvasTranslator. (CVE-2023-4573)

Memory corruption in IPC ColorPickerShownCallback. (CVE-2023-4574)

Memory corruption in IPC FilePickerShownCallback. (CVE-2023-4575)

Integer Overflow in RecordedSourceSurfaceCreation. (CVE-2023-4576)

Memory corruption in JIT UpdateRegExpStatics. (CVE-2023-4577)

Full screen notification obscured by file open dialog. (CVE-2023-4051)

Error reporting methods in SpiderMonkey could have triggered an Out of
Memory Exception. (CVE-2023-4578)

Full screen notification obscured by external program. (CVE-2023-4053)

Push notifications saved to disk unencrypted. (CVE-2023-4580)

XLL file extensions were downloadable without warnings. (CVE-2023-4581)

Browsing Context potentially not cleared when closing Private Window.
(CVE-2023-4583)

Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR
115.2, Thunderbird 102.15, and Thunderbird 115.2. (CVE-2023-4584)

Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
Thunderbird 115.2. (CVE-2023-4585)

Heap buffer overflow in libwebp. (CVE-2023-4863)

Affected Software/OS:
'firefox, firefox-l10n, nss, rootcerts, thunderbird, thunderbird-l10n' package(s) on Mageia 8, Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2023-3600
https://bugzilla.mozilla.org/show_bug.cgi?id=1839703
https://www.mozilla.org/security/advisories/mfsa2023-26/
https://www.mozilla.org/security/advisories/mfsa2023-27/
Common Vulnerability Exposure (CVE) ID: CVE-2023-4045
Debian Security Information: DSA-5464
https://www.debian.org/security/2023/dsa-5464
Debian Security Information: DSA-5469
https://www.debian.org/security/2023/dsa-5469
https://bugzilla.mozilla.org/show_bug.cgi?id=1833876
https://www.mozilla.org/security/advisories/mfsa2023-29/
https://www.mozilla.org/security/advisories/mfsa2023-30/
https://www.mozilla.org/security/advisories/mfsa2023-31/
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-4046
https://bugzilla.mozilla.org/show_bug.cgi?id=1837686
Common Vulnerability Exposure (CVE) ID: CVE-2023-4047
https://bugzilla.mozilla.org/show_bug.cgi?id=1839073
Common Vulnerability Exposure (CVE) ID: CVE-2023-4048
https://bugzilla.mozilla.org/show_bug.cgi?id=1841368
Common Vulnerability Exposure (CVE) ID: CVE-2023-4049
https://bugzilla.mozilla.org/show_bug.cgi?id=1842658
Common Vulnerability Exposure (CVE) ID: CVE-2023-4050
https://bugzilla.mozilla.org/show_bug.cgi?id=1843038
Common Vulnerability Exposure (CVE) ID: CVE-2023-4051
https://bugzilla.mozilla.org/show_bug.cgi?id=1821884
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://www.mozilla.org/security/advisories/mfsa2023-38/
Common Vulnerability Exposure (CVE) ID: CVE-2023-4053
https://bugzilla.mozilla.org/show_bug.cgi?id=1839079
Common Vulnerability Exposure (CVE) ID: CVE-2023-4055
https://bugzilla.mozilla.org/show_bug.cgi?id=1782561
Common Vulnerability Exposure (CVE) ID: CVE-2023-4056
Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847
Common Vulnerability Exposure (CVE) ID: CVE-2023-4057
Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
https://bugzilla.mozilla.org/show_bug.cgi?id=1841682
https://www.mozilla.org/security/advisories/mfsa2023-33/
Common Vulnerability Exposure (CVE) ID: CVE-2023-4573
https://bugzilla.mozilla.org/show_bug.cgi?id=1846687
https://www.mozilla.org/security/advisories/mfsa2023-34/
https://www.mozilla.org/security/advisories/mfsa2023-35/
https://www.mozilla.org/security/advisories/mfsa2023-37/
Common Vulnerability Exposure (CVE) ID: CVE-2023-4574
https://bugzilla.mozilla.org/show_bug.cgi?id=1846688
Common Vulnerability Exposure (CVE) ID: CVE-2023-4575
https://bugzilla.mozilla.org/show_bug.cgi?id=1846689
Common Vulnerability Exposure (CVE) ID: CVE-2023-4576
https://bugzilla.mozilla.org/show_bug.cgi?id=1846694
Common Vulnerability Exposure (CVE) ID: CVE-2023-4577
https://bugzilla.mozilla.org/show_bug.cgi?id=1847397
Common Vulnerability Exposure (CVE) ID: CVE-2023-4578
https://bugzilla.mozilla.org/show_bug.cgi?id=1839007
Common Vulnerability Exposure (CVE) ID: CVE-2023-4580
https://bugzilla.mozilla.org/show_bug.cgi?id=1843046
Common Vulnerability Exposure (CVE) ID: CVE-2023-4581
https://bugzilla.mozilla.org/show_bug.cgi?id=1843758
Common Vulnerability Exposure (CVE) ID: CVE-2023-4583
https://bugzilla.mozilla.org/show_bug.cgi?id=1842030
Common Vulnerability Exposure (CVE) ID: CVE-2023-4584
Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1843968%2C1845205%2C1846080%2C1846526%2C1847529
Common Vulnerability Exposure (CVE) ID: CVE-2023-4585
Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1841082%2C1847904%2C1848999
Common Vulnerability Exposure (CVE) ID: CVE-2023-4863
https://security.gentoo.org/glsa/202401-10
http://www.openwall.com/lists/oss-security/2023/09/21/4
http://www.openwall.com/lists/oss-security/2023/09/22/1
http://www.openwall.com/lists/oss-security/2023/09/22/3
http://www.openwall.com/lists/oss-security/2023/09/22/4
http://www.openwall.com/lists/oss-security/2023/09/22/5
http://www.openwall.com/lists/oss-security/2023/09/22/6
http://www.openwall.com/lists/oss-security/2023/09/22/7
http://www.openwall.com/lists/oss-security/2023/09/22/8
http://www.openwall.com/lists/oss-security/2023/09/26/1
http://www.openwall.com/lists/oss-security/2023/09/26/7
http://www.openwall.com/lists/oss-security/2023/09/28/1
http://www.openwall.com/lists/oss-security/2023/09/28/2
http://www.openwall.com/lists/oss-security/2023/09/28/4
https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
https://blog.isosceles.com/the-webp-0day/
https://bugzilla.suse.com/show_bug.cgi?id=1215231
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
https://crbug.com/1479274
https://en.bandisoft.com/honeyview/history/
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
https://github.com/webmproject/libwebp/releases/tag/v1.3.2
https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
https://news.ycombinator.com/item?id=37478403
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://security.gentoo.org/glsa/202309-05
https://security.netapp.com/advisory/ntap-20230929-0011/
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
https://www.bentley.com/advisories/be-2023-0001/
https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
https://www.debian.org/security/2023/dsa-5496
https://www.debian.org/security/2023/dsa-5497
https://www.debian.org/security/2023/dsa-5498
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.