Test ID:	1.3.6.1.4.1.25623.1.0.817212
Category:	General
Title:	Mozilla Firefox ESR Security Advisory (MFSA2020-25) - Windows
Summary:	Mozilla Firefox ESR is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Memory corruption due to missing sign-extension for ValueTags on ARM64. - Information disclosure due to manipulated URL object. - Use-after-free in nsGlobalWindowInner. - Use-After-Free when trying to connect to a STUN server. - Add-On updates did not respect the same certificate trust rules as software updates. Vulnerability Impact: Successful exploitation will allow attackers to conduct a denial-of-service or out-of-bounds read on affected system. Affected Software/OS: Mozilla Firefox ESR version before 68.10 on Windows. Solution: Update to Mozilla Firefox ESR version 68.10 or later. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-12417 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://bugzilla.mozilla.org/show_bug.cgi?id=1640737 https://www.mozilla.org/security/advisories/mfsa2020-24/ https://www.mozilla.org/security/advisories/mfsa2020-25/ https://www.mozilla.org/security/advisories/mfsa2020-26/ SuSE Security Announcement: openSUSE-SU-2020:0967 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html SuSE Security Announcement: openSUSE-SU-2020:0982 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html SuSE Security Announcement: openSUSE-SU-2020:0983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html SuSE Security Announcement: openSUSE-SU-2020:1017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://usn.ubuntu.com/4421-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12418 https://bugzilla.mozilla.org/show_bug.cgi?id=1641303 Common Vulnerability Exposure (CVE) ID: CVE-2020-12419 https://bugzilla.mozilla.org/show_bug.cgi?id=1643874 Common Vulnerability Exposure (CVE) ID: CVE-2020-12420 https://bugzilla.mozilla.org/show_bug.cgi?id=1643437 Common Vulnerability Exposure (CVE) ID: CVE-2020-12421 https://bugzilla.mozilla.org/show_bug.cgi?id=1308251
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.