Test ID:	1.3.6.1.4.1.25623.1.0.844761
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4671-1)
Summary:	The remote host is missing an update for the 'firefox' package(s) announced via the USN-4671-1 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-4671-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. (CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26793, CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-26979, CVE-2020-35113, CVE-2020-35114) It was discovered that the proxy.onRequest API did not catch view-source URLs. If a user were tricked in to installing an extension with the proxy permission and opening View Source, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-35111) Affected Software/OS: 'firefox' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16042 https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html https://crbug.com/1151890 Common Vulnerability Exposure (CVE) ID: CVE-2020-26971 https://bugzilla.mozilla.org/show_bug.cgi?id=1663466 https://www.mozilla.org/security/advisories/mfsa2020-54/ https://www.mozilla.org/security/advisories/mfsa2020-55/ https://www.mozilla.org/security/advisories/mfsa2020-56/ Common Vulnerability Exposure (CVE) ID: CVE-2020-26972 https://bugzilla.mozilla.org/show_bug.cgi?id=1671382 Common Vulnerability Exposure (CVE) ID: CVE-2020-26973 https://bugzilla.mozilla.org/show_bug.cgi?id=1680084 Common Vulnerability Exposure (CVE) ID: CVE-2020-26974 https://bugzilla.mozilla.org/show_bug.cgi?id=1681022 Common Vulnerability Exposure (CVE) ID: CVE-2020-26976 Debian Security Information: DSA-4840 (Google Search) https://www.debian.org/security/2021/dsa-4840 Debian Security Information: DSA-4842 (Google Search) https://www.debian.org/security/2021/dsa-4842 https://security.gentoo.org/glsa/202102-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1674343 https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2020-26978 https://bugzilla.mozilla.org/show_bug.cgi?id=1677047 Common Vulnerability Exposure (CVE) ID: CVE-2020-26979 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299 Common Vulnerability Exposure (CVE) ID: CVE-2020-35111 https://bugzilla.mozilla.org/show_bug.cgi?id=1657916 Common Vulnerability Exposure (CVE) ID: CVE-2020-35113 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589 Common Vulnerability Exposure (CVE) ID: CVE-2020-35114 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%2C1669914%2C1673567
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.