English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2023.5880.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-5880-1)
Summary:The remote host is missing an update for the 'firefox' package(s) announced via the USN-5880-1 advisory.
Description:Summary:
The remote host is missing an update for the 'firefox' package(s) announced via the USN-5880-1 advisory.

Vulnerability Insight:
Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)

Johan Carlsson discovered that Firefox did not properly manage child
iframe's unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)

Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via ExpandedPrincipals. An attacker could
potentially exploits this issue to download malicious files or execute
arbitrary code. (CVE-2023-25729)

Irvan Kurniawan discovered that Firefox did not properly validate
background script invoking requestFullscreen. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-25730)

Ronald Crane discovered that Firefox did not properly manage memory when
using EncodeInputStream in xpcom. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25732)

Samuel Grob discovered that Firefox did not properly manage memory when
using wrappers wrapping a scripted proxy. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-25735)

Holger Fuhrmannek discovered that Firefox did not properly manage memory
when using Module load requests. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25739)

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25731,
CVE-2023-25733, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741,
CVE-2023-25742, CVE-2023-25744, CVE-2023-25745)

Affected Software/OS:
'firefox' package(s) on Ubuntu 18.04, Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-0767
https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1804640
https://www.mozilla.org/security/advisories/mfsa2023-05/
https://www.mozilla.org/security/advisories/mfsa2023-06/
https://www.mozilla.org/security/advisories/mfsa2023-07/
Common Vulnerability Exposure (CVE) ID: CVE-2023-25728
https://bugzilla.mozilla.org/show_bug.cgi?id=1790345
Common Vulnerability Exposure (CVE) ID: CVE-2023-25729
https://bugzilla.mozilla.org/show_bug.cgi?id=1792138
Common Vulnerability Exposure (CVE) ID: CVE-2023-25730
https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
Common Vulnerability Exposure (CVE) ID: CVE-2023-25731
https://bugzilla.mozilla.org/show_bug.cgi?id=1801542
Common Vulnerability Exposure (CVE) ID: CVE-2023-25732
https://bugzilla.mozilla.org/show_bug.cgi?id=1804564
Common Vulnerability Exposure (CVE) ID: CVE-2023-25733
https://bugzilla.mozilla.org/show_bug.cgi?id=1808632
Common Vulnerability Exposure (CVE) ID: CVE-2023-25735
https://bugzilla.mozilla.org/show_bug.cgi?id=1810711
Common Vulnerability Exposure (CVE) ID: CVE-2023-25736
https://bugzilla.mozilla.org/show_bug.cgi?id=1811331
Common Vulnerability Exposure (CVE) ID: CVE-2023-25737
https://bugzilla.mozilla.org/show_bug.cgi?id=1811464
Common Vulnerability Exposure (CVE) ID: CVE-2023-25739
https://bugzilla.mozilla.org/show_bug.cgi?id=1811939
Common Vulnerability Exposure (CVE) ID: CVE-2023-25741
https://bugzilla.mozilla.org/show_bug.cgi?id=1437126
https://bugzilla.mozilla.org/show_bug.cgi?id=1812611
https://bugzilla.mozilla.org/show_bug.cgi?id=1813376
Common Vulnerability Exposure (CVE) ID: CVE-2023-25742
https://bugzilla.mozilla.org/show_bug.cgi?id=1813424
Common Vulnerability Exposure (CVE) ID: CVE-2023-25744
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536
Common Vulnerability Exposure (CVE) ID: CVE-2023-25745
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1688592%2C1797186%2C1804998%2C1806521%2C1813284
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.