 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.884193 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS: Security Advisory for firefox (CESA-2022:0124) |
| Summary: | The remote host is missing an update for the 'firefox'; package(s) announced via the CESA-2022:0124 advisory. |
| Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2022:0124 advisory. Vulnerability Insight: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.5.0 ESR. Security Fix(es): * Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140) * Mozilla: Race condition when playing audio files (CVE-2022-22737) * Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738) * Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741) * Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743) * Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751) * Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745) * Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748) * Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739) * Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'firefox' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-4140 https://bugzilla.mozilla.org/show_bug.cgi?id=1746720 https://www.mozilla.org/security/advisories/mfsa2022-01/ https://www.mozilla.org/security/advisories/mfsa2022-02/ https://www.mozilla.org/security/advisories/mfsa2022-03/ Common Vulnerability Exposure (CVE) ID: CVE-2022-22737 https://bugzilla.mozilla.org/show_bug.cgi?id=1745874 Common Vulnerability Exposure (CVE) ID: CVE-2022-22738 https://bugzilla.mozilla.org/show_bug.cgi?id=1742382 Common Vulnerability Exposure (CVE) ID: CVE-2022-22739 https://bugzilla.mozilla.org/show_bug.cgi?id=1744158 Common Vulnerability Exposure (CVE) ID: CVE-2022-22740 https://bugzilla.mozilla.org/show_bug.cgi?id=1742334 Common Vulnerability Exposure (CVE) ID: CVE-2022-22741 https://bugzilla.mozilla.org/show_bug.cgi?id=1740389 Common Vulnerability Exposure (CVE) ID: CVE-2022-22742 https://bugzilla.mozilla.org/show_bug.cgi?id=1739923 Common Vulnerability Exposure (CVE) ID: CVE-2022-22743 https://bugzilla.mozilla.org/show_bug.cgi?id=1739220 Common Vulnerability Exposure (CVE) ID: CVE-2022-22745 https://bugzilla.mozilla.org/show_bug.cgi?id=1735856 Common Vulnerability Exposure (CVE) ID: CVE-2022-22747 https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 Common Vulnerability Exposure (CVE) ID: CVE-2022-22748 https://bugzilla.mozilla.org/show_bug.cgi?id=1705211 Common Vulnerability Exposure (CVE) ID: CVE-2022-22751 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664149%2C1737816%2C1739366%2C1740274%2C1740797%2C1741201%2C1741869%2C1743221%2C1743515%2C1745373%2C1746011 |
| Copyright | Copyright (C) 2022 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |