Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-3778-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.843651
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3778-1)
Summary:	The remote host is missing an update for the 'firefox' package(s) announced via the USN-3778-1 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-3778-1 advisory. Vulnerability Insight: A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-12386) It was discovered that the Array.prototype.push could leak memory addresses to the calling function in some circumstances. An attacker could exploit this in combination with another vulnerability to help execute arbitrary code. (CVE-2018-12387) Affected Software/OS: 'firefox' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12385 BugTraq ID: 105380 http://www.securityfocus.com/bid/105380 Debian Security Information: DSA-4304 (Google Search) https://www.debian.org/security/2018/dsa-4304 Debian Security Information: DSA-4327 (Google Search) https://www.debian.org/security/2018/dsa-4327 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html RedHat Security Advisories: RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2834 RedHat Security Advisories: RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:2835 RedHat Security Advisories: RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3403 RedHat Security Advisories: RHSA-2018:3458 https://access.redhat.com/errata/RHSA-2018:3458 http://www.securitytracker.com/id/1041700 http://www.securitytracker.com/id/1041701 https://usn.ubuntu.com/3778-1/ https://usn.ubuntu.com/3793-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12386 BugTraq ID: 105460 http://www.securityfocus.com/bid/105460 Debian Security Information: DSA-4310 (Google Search) https://www.debian.org/security/2018/dsa-4310 RedHat Security Advisories: RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2881 RedHat Security Advisories: RHSA-2018:2884 https://access.redhat.com/errata/RHSA-2018:2884 http://www.securitytracker.com/id/1041770 Common Vulnerability Exposure (CVE) ID: CVE-2018-12387
Copyright	Copyright (C) 2018 Greenbone AG