 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.2.1.2018.29 |
| Category: | General |
| Title: | Mozilla Firefox Security Advisory (MFSA2018-29) - Linux |
| Summary: | This host is missing a security update for Mozilla Firefox. |
| Description: | Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. CVE-2018-18492: Use-after-free with select element A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. CVE-2018-18495: WebExtension content scripts can be loaded in about: pages WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations. CVE-2018-18498: Integer overflow when calculating buffer sizes for images A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This can ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: Firefox version(s) below 64. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-12405 BugTraq ID: 106168 http://www.securityfocus.com/bid/106168 Debian Security Information: DSA-4354 (Google Search) https://www.debian.org/security/2018/dsa-4354 Debian Security Information: DSA-4362 (Google Search) https://www.debian.org/security/2019/dsa-4362 https://security.gentoo.org/glsa/201903-04 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html RedHat Security Advisories: RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3831 RedHat Security Advisories: RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2018:3833 RedHat Security Advisories: RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0159 RedHat Security Advisories: RHSA-2019:0160 https://access.redhat.com/errata/RHSA-2019:0160 https://usn.ubuntu.com/3844-1/ https://usn.ubuntu.com/3868-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12406 BugTraq ID: 106167 http://www.securityfocus.com/bid/106167 Common Vulnerability Exposure (CVE) ID: CVE-2018-12407 Common Vulnerability Exposure (CVE) ID: CVE-2018-17466 BugTraq ID: 105666 http://www.securityfocus.com/bid/105666 Debian Security Information: DSA-4330 (Google Search) https://www.debian.org/security/2018/dsa-4330 https://security.gentoo.org/glsa/201811-10 https://crbug.com/880906 RedHat Security Advisories: RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3004 Common Vulnerability Exposure (CVE) ID: CVE-2018-18492 Common Vulnerability Exposure (CVE) ID: CVE-2018-18493 Common Vulnerability Exposure (CVE) ID: CVE-2018-18494 Common Vulnerability Exposure (CVE) ID: CVE-2018-18495 Common Vulnerability Exposure (CVE) ID: CVE-2018-18497 Common Vulnerability Exposure (CVE) ID: CVE-2018-18498 Common Vulnerability Exposure (CVE) ID: CVE-2018-18510 https://bugzilla.mozilla.org/show_bug.cgi?id=1507702 https://www.mozilla.org/security/advisories/mfsa2018-29/ |
| Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |