General : Mozilla Firefox ESR Security Updates(mfsa_2018-24

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 150599 CVE descriptions and 73533 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.814416

Category: General

Title: Mozilla Firefox ESR Security Updates(mfsa_2018-24_2018-24)-Windows

Summary: This host is installed with; Mozilla Firefox ESR and is prone to multiple vulnerabilities.

Description: Summary:
This host is installed with
Mozilla Firefox ESR and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exists due to,

- Poor event handling in nested loops while opening a document through script.

- A WebExtension can bypass domain restrictions through domain fronting.

- A WebExtension can run content scripts in disallowed contexts following
navigation or other events.

- A WebExtension can request access to local files without the warning prompt.

- Memory safety bugs.

Vulnerability Impact:
Successful exploitation will allow attackers
to run arbitrary code, denial of service and cause denial of service.

Affected Software/OS:
Mozilla Firefox ESR version before 60.3 on Windows.

Solution:
Upgrade to Mozilla Firefox ESR version 60.3
or later. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-12392
Common Vulnerability Exposure (CVE) ID: CVE-2018-12395
Common Vulnerability Exposure (CVE) ID: CVE-2018-12396
Common Vulnerability Exposure (CVE) ID: CVE-2018-12397
Common Vulnerability Exposure (CVE) ID: CVE-2018-12389
Common Vulnerability Exposure (CVE) ID: CVE-2018-12390

Copyright Copyright (C) 2018 Greenbone Networks GmbH

This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.814416
Category:	General
Title:	Mozilla Firefox ESR Security Updates(mfsa_2018-24_2018-24)-Windows
Summary:	This host is installed with; Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Description:	Summary: This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exists due to, - Poor event handling in nested loops while opening a document through script. - A WebExtension can bypass domain restrictions through domain fronting. - A WebExtension can run content scripts in disallowed contexts following navigation or other events. - A WebExtension can request access to local files without the warning prompt. - Memory safety bugs. Vulnerability Impact: Successful exploitation will allow attackers to run arbitrary code, denial of service and cause denial of service. Affected Software/OS: Mozilla Firefox ESR version before 60.3 on Windows. Solution: Upgrade to Mozilla Firefox ESR version 60.3 or later. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12392 Common Vulnerability Exposure (CVE) ID: CVE-2018-12395 Common Vulnerability Exposure (CVE) ID: CVE-2018-12396 Common Vulnerability Exposure (CVE) ID: CVE-2018-12397 Common Vulnerability Exposure (CVE) ID: CVE-2018-12389 Common Vulnerability Exposure (CVE) ID: CVE-2018-12390
Copyright	Copyright (C) 2018 Greenbone Networks GmbH