 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.843475 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-3596-1) |
| Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-3596-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-3596-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142) It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. (CVE-2018-5131) Multiple security issues were discovered with WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information or bypass security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135) It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133) It was discovered that javascript: URLs with embedded tab characters could be pasted in to the addressbar. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143) Affected Software/OS: 'firefox' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5125 BugTraq ID: 103388 http://www.securityfocus.com/bid/103388 Debian Security Information: DSA-4139 (Google Search) https://www.debian.org/security/2018/dsa-4139 Debian Security Information: DSA-4155 (Google Search) https://www.debian.org/security/2018/dsa-4155 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html RedHat Security Advisories: RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0526 RedHat Security Advisories: RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0527 RedHat Security Advisories: RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0647 RedHat Security Advisories: RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0648 http://www.securitytracker.com/id/1040514 https://usn.ubuntu.com/3545-1/ https://usn.ubuntu.com/3596-1/ https://usn.ubuntu.com/3688-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5126 BugTraq ID: 103386 http://www.securityfocus.com/bid/103386 Common Vulnerability Exposure (CVE) ID: CVE-2018-5127 Common Vulnerability Exposure (CVE) ID: CVE-2018-5128 Common Vulnerability Exposure (CVE) ID: CVE-2018-5129 Common Vulnerability Exposure (CVE) ID: CVE-2018-5130 Common Vulnerability Exposure (CVE) ID: CVE-2018-5131 Common Vulnerability Exposure (CVE) ID: CVE-2018-5132 Common Vulnerability Exposure (CVE) ID: CVE-2018-5133 Common Vulnerability Exposure (CVE) ID: CVE-2018-5134 Common Vulnerability Exposure (CVE) ID: CVE-2018-5135 Common Vulnerability Exposure (CVE) ID: CVE-2018-5136 Common Vulnerability Exposure (CVE) ID: CVE-2018-5137 Common Vulnerability Exposure (CVE) ID: CVE-2018-5140 Common Vulnerability Exposure (CVE) ID: CVE-2018-5141 Common Vulnerability Exposure (CVE) ID: CVE-2018-5142 Common Vulnerability Exposure (CVE) ID: CVE-2018-5143 |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |