Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0248
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0248)
Summary:	The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2018-0248 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts' package(s) announced via the MGASA-2018-0248 advisory. Vulnerability Insight: Updated firefox packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Backport critical security fixes in Skia (CVE-2018-5183). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155). Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157). Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158). Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159). Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168). Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178). Rootcerts has been updated to 20180411. Affected Software/OS: 'firefox, firefox-l10n, nss, rootcerts' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5150 BugTraq ID: 104136 http://www.securityfocus.com/bid/104136 Debian Security Information: DSA-4199 (Google Search) https://www.debian.org/security/2018/dsa-4199 Debian Security Information: DSA-4209 (Google Search) https://www.debian.org/security/2018/dsa-4209 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html RedHat Security Advisories: RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1414 RedHat Security Advisories: RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1415 RedHat Security Advisories: RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1725 RedHat Security Advisories: RHSA-2018:1726 https://access.redhat.com/errata/RHSA-2018:1726 http://www.securitytracker.com/id/1040896 https://usn.ubuntu.com/3645-1/ https://usn.ubuntu.com/3660-1/ https://usn.ubuntu.com/3688-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5153 BugTraq ID: 104139 http://www.securityfocus.com/bid/104139 Common Vulnerability Exposure (CVE) ID: CVE-2018-5154 Common Vulnerability Exposure (CVE) ID: CVE-2018-5155 Common Vulnerability Exposure (CVE) ID: CVE-2018-5157 Common Vulnerability Exposure (CVE) ID: CVE-2018-5158 Common Vulnerability Exposure (CVE) ID: CVE-2018-5159 https://www.exploit-db.com/exploits/44759/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5168 Common Vulnerability Exposure (CVE) ID: CVE-2018-5178 BugTraq ID: 104138 http://www.securityfocus.com/bid/104138 http://www.securitytracker.com/id/1040898
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.