
Test ID: 1.3.6.1.4.1.25623.1.0.843383
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-3477-2)
Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-3477-2 advisory.
Description:
Summary:
The remote host is missing an update for the 'firefox' package(s) announced via the USN-3477-2 advisory.

Vulnerability Insight:
USN-3477-1 fixed vulnerabilities in Firefox. The update caused search
suggestions to not be displayed when performing Google searches from the
search bar. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, read uninitialized
memory, obtain sensitive information, bypass same-origin restrictions,
bypass CSP protections, bypass mixed content blocking, spoof the
address bar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827,
CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,
CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842)

It was discovered that javascript: URLs pasted into the address bar
would be executed instead of being blocked in some circumstances. If a
user were tricked into copying a specially crafted URL into the
address bar, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7839)

It was discovered that exported bookmarks do not strip script elements
from user-supplied tags. If a user were tricked into adding specially
crafted tags to bookmarks, exporting them and then opening the resulting
HTML file, an attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2017-7840)

Affected Software/OS:
'firefox' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.04, Ubuntu 17.10.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-7826
BugTraq ID: 101832
http://www.securityfocus.com/bid/101832
Debian Security Information: DSA-4035
https://www.debian.org/security/2017/dsa-4035
Debian Security Information: DSA-4061
https://www.debian.org/security/2017/dsa-4061
Debian Security Information: DSA-4075
https://www.debian.org/security/2017/dsa-4075
https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
RedHat Security Advisories: RHSA-2017:3247
https://access.redhat.com/errata/RHSA-2017:3247
RedHat Security Advisories: RHSA-2017:3372
https://access.redhat.com/errata/RHSA-2017:3372
http://www.securitytracker.com/id/1039803
https://usn.ubuntu.com/3688-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7827
Common Vulnerability Exposure (CVE) ID: CVE-2017-7828
Common Vulnerability Exposure (CVE) ID: CVE-2017-7830
Common Vulnerability Exposure (CVE) ID: CVE-2017-7831
Common Vulnerability Exposure (CVE) ID: CVE-2017-7832
Common Vulnerability Exposure (CVE) ID: CVE-2017-7833
Common Vulnerability Exposure (CVE) ID: CVE-2017-7834
Common Vulnerability Exposure (CVE) ID: CVE-2017-7835
Common Vulnerability Exposure (CVE) ID: CVE-2017-7837
Common Vulnerability Exposure (CVE) ID: CVE-2017-7838
Common Vulnerability Exposure (CVE) ID: CVE-2017-7839
Common Vulnerability Exposure (CVE) ID: CVE-2017-7840
Common Vulnerability Exposure (CVE) ID: CVE-2017-7842
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.