Test ID: | 1.3.6.1.4.1.25623.1.0.843501 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-3596-2) |
Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-3596-2 advisory. |
Description: |
Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-3596-2 advisory.

Vulnerability Insight: USN-3596-1 fixed vulnerabilities in Firefox. The update caused an issue where it was not possible to customize the toolbars when running Firefox in Unity. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142)

It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. A local attacker could potentially exploit this to obtain sensitive information in environments where multiple users share a common profile. (CVE-2018-5131)

Multiple security issues were discovered with WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to obtain sensitive information or bypass security restrictions. (CVE-2018-5132, CVE-2018-5134, CVE-2018-5135)

It was discovered that the value of app.support.baseURL is not sanitized properly. If a malicious local application were to set this to a specially crafted value, an attacker could potentially exploit this to execute arbitrary code. (CVE-2018-5133)

It was discovered that javascript: URLs with embedded tab characters could be pasted into the address bar. If a user were tricked into copying a specially crafted URL into the address bar, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2018-5143)

Affected Software/OS: 'firefox' package(s) on Ubuntu 14.04, Ubuntu 16.04.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5125
  BugTraq ID: 103388
  http://www.securityfocus.com/bid/103388
  Debian Security Information: DSA-4139
  https://www.debian.org/security/2018/dsa-4139
  Debian Security Information: DSA-4155
  https://www.debian.org/security/2018/dsa-4155
  https://security.gentoo.org/glsa/201810-01
  https://security.gentoo.org/glsa/201811-13
  https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html
  https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html
  RedHat Security Advisories: RHSA-2018:0526
  https://access.redhat.com/errata/RHSA-2018:0526
  RedHat Security Advisories: RHSA-2018:0527
  https://access.redhat.com/errata/RHSA-2018:0527
  RedHat Security Advisories: RHSA-2018:0647
  https://access.redhat.com/errata/RHSA-2018:0647
  RedHat Security Advisories: RHSA-2018:0648
  https://access.redhat.com/errata/RHSA-2018:0648
  http://www.securitytracker.com/id/1040514
  https://usn.ubuntu.com/3545-1/
  https://usn.ubuntu.com/3596-1/
  https://usn.ubuntu.com/3688-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5126
  BugTraq ID: 103386
  http://www.securityfocus.com/bid/103386
Common Vulnerability Exposure (CVE) ID: CVE-2018-5127
Common Vulnerability Exposure (CVE) ID: CVE-2018-5128
Common Vulnerability Exposure (CVE) ID: CVE-2018-5129
Common Vulnerability Exposure (CVE) ID: CVE-2018-5130
Common Vulnerability Exposure (CVE) ID: CVE-2018-5131
Common Vulnerability Exposure (CVE) ID: CVE-2018-5132
Common Vulnerability Exposure (CVE) ID: CVE-2018-5133
Common Vulnerability Exposure (CVE) ID: CVE-2018-5134
Common Vulnerability Exposure (CVE) ID: CVE-2018-5135
Common Vulnerability Exposure (CVE) ID: CVE-2018-5136
Common Vulnerability Exposure (CVE) ID: CVE-2018-5137
Common Vulnerability Exposure (CVE) ID: CVE-2018-5140
Common Vulnerability Exposure (CVE) ID: CVE-2018-5141
Common Vulnerability Exposure (CVE) ID: CVE-2018-5142
Common Vulnerability Exposure (CVE) ID: CVE-2018-5143 |
Copyright | Copyright (C) 2018 Greenbone AG |