| Description: | Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2019-0268 advisory.
Vulnerability Insight:
The updated packages fix several bugs and some security issues:
Sandbox escape through Firefox Sync. (CVE-2019-9812)
Stored passwords in 'Saved Logins' can be copied without master password
entry. (CVE-2019-11733)
Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1.
(CVE-2019-11735)
File manipulation and privilege escalation in Mozilla Maintenance Service.
(CVE-2019-11736)
Content security policy bypass through hash-based sources in directives.
(CVE-2019-11738)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
ESR 60.9. (CVE-2019-11740)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images. (CVE-2019-11742)
Cross-origin access to unload event attributes. (CVE-2019-11743)
XSS by breaking out of title and textarea elements using innerHTML.
(CVE-2019-11744)
Use-after-free while manipulating video. (CVE-2019-11746)
'Forget about this site' removes sites from pre-loaded HSTS list.
(CVE-2019-11747)
Persistence of WebRTC permissions in a third party context. (CVE-2019-11748)
Camera information available without prompting using getUserMedia.
(CVE-2019-11749)
Type confusion in Spidermonkey. (CVE-2019-11750)
Malicious code execution through command line parameters. (CVE-2019-11751)
Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)
Privilege escalation with Mozilla Maintenance Service in custom Firefox
installation location. (CVE-2019-11753)
Affected Software/OS:
'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 7.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
