 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2021.0065 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2021-0065) |
| Summary: | The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nss' package(s) announced via the MGASA-2021-0065 advisory. |
| Description: | Summary: The remote host is missing an update for the 'crypto-policies, firefox, firefox-l10n, nss' package(s) announced via the MGASA-2021-0065 advisory. Vulnerability Insight: When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing (CVE-2020-26976). If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data (CVE-2021-23953). Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash (CVE-2021-23954). Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash (CVE-2021-23960). Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, Andre Bargull, Jason Kratzer, Jesse Schwartzentruber, Steve Fink, Byron Campen reported memory safety bugs present in Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-23964). Affected Software/OS: 'crypto-policies, firefox, firefox-l10n, nss' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-26976 Debian Security Information: DSA-4840 (Google Search) https://www.debian.org/security/2021/dsa-4840 Debian Security Information: DSA-4842 (Google Search) https://www.debian.org/security/2021/dsa-4842 https://security.gentoo.org/glsa/202102-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1674343 https://www.mozilla.org/security/advisories/mfsa2020-54/ https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2021-23953 https://bugzilla.mozilla.org/show_bug.cgi?id=1683940 https://www.mozilla.org/security/advisories/mfsa2021-03/ https://www.mozilla.org/security/advisories/mfsa2021-04/ https://www.mozilla.org/security/advisories/mfsa2021-05/ Common Vulnerability Exposure (CVE) ID: CVE-2021-23954 https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 Common Vulnerability Exposure (CVE) ID: CVE-2021-23960 https://bugzilla.mozilla.org/show_bug.cgi?id=1675755 Common Vulnerability Exposure (CVE) ID: CVE-2021-23964 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |