Test ID:	1.3.6.1.4.1.25623.1.0.826446
Category:	General
Title:	Mozilla Firefox ESR Security Advisory (MFSA2021-49) - Mac OS X
Summary:	Mozilla Firefox ESR is prone to multiple; vulnerabilities.
Description:	Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to, - iframe sandbox rules did not apply to XSLT stylesheets. - Use-after-free in file picker dialog. - Firefox could be coaxed into going into fullscreen mode without notification or warning. - Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports. - Use-after-free in HTTP2 Session object. - Permission Prompt could be overlaid, resulting in user confusion and potential spoofing. - Javascript alert box could have been spoofed onto an arbitrary domain. - Download Protections were bypassed by .inetloc files on Mac OS X. - Memory safety bugs. Vulnerability Impact: Successful exploitation will allow attackers to run arbitrary code, bypass security restrictions, conduct spoofing and cause a denial of service on affected system. Affected Software/OS: Mozilla Firefox ESR version before 91.3 on Mac OS X. Solution: Upgrade to Mozilla Firefox ESR version 91.3 or later, Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-38503 Debian Security Information: DSA-5026 (Google Search) https://www.debian.org/security/2021/dsa-5026 Debian Security Information: DSA-5034 (Google Search) https://www.debian.org/security/2022/dsa-5034 https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 https://www.mozilla.org/security/advisories/mfsa2021-48/ https://www.mozilla.org/security/advisories/mfsa2021-49/ https://www.mozilla.org/security/advisories/mfsa2021-50/ https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2021-38504 https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 Common Vulnerability Exposure (CVE) ID: CVE-2021-43534 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1606864%2C1712671%2C1730048%2C1735152 Common Vulnerability Exposure (CVE) ID: CVE-2021-38506 https://bugzilla.mozilla.org/show_bug.cgi?id=1730750 Common Vulnerability Exposure (CVE) ID: CVE-2021-38507 https://bugzilla.mozilla.org/show_bug.cgi?id=1730935 Common Vulnerability Exposure (CVE) ID: CVE-2021-43535 https://bugzilla.mozilla.org/show_bug.cgi?id=1667102 https://www.mozilla.org/security/advisories/mfsa2021-43/ Common Vulnerability Exposure (CVE) ID: CVE-2021-38508 https://bugzilla.mozilla.org/show_bug.cgi?id=1366818 Common Vulnerability Exposure (CVE) ID: CVE-2021-38509 https://bugzilla.mozilla.org/show_bug.cgi?id=1718571 Common Vulnerability Exposure (CVE) ID: CVE-2021-38510 https://bugzilla.mozilla.org/show_bug.cgi?id=1731779
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.