Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2023-4468.NASL
HistoryAug 04, 2023 - 12:00 a.m.

AlmaLinux 8 : firefox (ALSA-2023:4468)

2023-08-0400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
almalinux 8
firefox
remote host
multiple vulnerabilities
same-origin policy
exploitable crash
content process
global variable
stale value
wasm jit analysis
cross-origin tainting
memory safety
race conditions
reference counting code
stack buffer
sandbox escape

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

52.8%

JSON

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4468 advisory.

  • Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  • In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  • A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4047)

  • An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4048)

  • Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  • In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  • Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  • Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2023:4468.
##

include('compat.inc');

if (description)
{
  script_id(179367);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/01");

  script_cve_id(
    "CVE-2023-4045",
    "CVE-2023-4046",
    "CVE-2023-4047",
    "CVE-2023-4048",
    "CVE-2023-4049",
    "CVE-2023-4050",
    "CVE-2023-4056",
    "CVE-2023-4057"
  );
  script_xref(name:"ALSA", value:"2023:4468");
  script_xref(name:"IAVA", value:"2023-A-0388-S");

  script_name(english:"AlmaLinux 8 : firefox (ALSA-2023:4468)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the
ALSA-2023:4468 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image
    data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,
    Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This
    resulted in incorrect compilation and a potentially exploitable crash in the content process. This
    vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user
    into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR
    < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low
    memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <
    115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted
    in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,
    Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This
    resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability
    affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and
    Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with
    enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects
    Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs
    showed evidence of memory corruption and we presume that with enough effort some of these could have been
    exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2023-4468.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2023-4055");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4057");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(120, 829);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::baseos");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::highavailability");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::nfv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::powertools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::realtime");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::resilientstorage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::sap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::sap_hana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::supplementary");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

var pkgs = [
    {'reference':'firefox-102.14.0-1.el8_8.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'firefox-102.14.0-1.el8_8.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');
}
VendorProductVersionCPE
almalinuxfirefoxp-cpe:/a:alma:linux:firefox
almalinux8cpe:/o:alma:linux:8
almalinux8cpe:/o:alma:linux:8::appstream
almalinux8cpe:/o:alma:linux:8::baseos
almalinux8cpe:/o:alma:linux:8::highavailability
almalinux8cpe:/o:alma:linux:8::nfv
almalinux8cpe:/o:alma:linux:8::powertools
almalinux8cpe:/o:alma:linux:8::realtime
almalinux8cpe:/o:alma:linux:8::resilientstorage
almalinux8cpe:/o:alma:linux:8::sap
Rows per page:
1-10 of 121

Related

nessus 55
oraclelinux 6
redhat 16
osv 16
rocky 4
debian 4
almalinux 4
openvas 25
kaspersky 5
mozilla 5
rosalinux 2
ubuntu 5
slackware 1
redos 2
mageia 1
cve 6
debiancve 8
ubuntucve 6
prion 4
redhatcve 7
nvd 3
alpinelinux 4
veracode 5
cnvd 1
cvelist 4
nessus
nessus
Oracle Linux 8 : firefox (ELSA-2023-4468)
2023-08-04 00:00:00
CentOS 7 : firefox (RHSA-2023:4461)
2024-01-09 00:00:00
RHEL 8 : firefox (RHSA-2023:4464)
2023-08-03 00:00:00
oraclelinux
oraclelinux
firefox security update
2023-08-04 00:00:00
firefox security update
2023-08-04 00:00:00
thunderbird security update
2023-08-08 00:00:00
redhat
redhat
(RHSA-2023:4468) Important: firefox security update
2023-08-03 13:32:38
(RHSA-2023:4460) Important: firefox security update
2023-08-03 12:29:10
(RHSA-2023:4461) Important: firefox security update
2023-08-03 12:32:03
osv
osv
Important: firefox security update
2023-08-03 00:00:00
Important: firefox security update
2023-08-08 12:34:07
thunderbird - security update
2023-08-08 00:00:00
rocky
rocky
firefox security update
2023-08-08 12:35:00
firefox security update
2023-08-08 12:34:07
thunderbird security update
2023-08-08 12:35:00
debian
debian
[SECURITY] [DSA 5469-1] thunderbird security update
2023-08-05 20:47:00
[SECURITY] [DLA 3521-1] thunderbird security update
2023-08-08 10:13:27
[SECURITY] [DSA 5464-1] firefox-esr security update
2023-08-03 17:27:01
almalinux
almalinux
Important: firefox security update
2023-08-03 00:00:00
Important: firefox security update
2023-08-03 00:00:00
Important: thunderbird security update
2023-08-07 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5464-1)
2023-08-04 00:00:00
Debian: Security Advisory (DSA-5469-1)
2023-08-07 00:00:00
Debian: Security Advisory (DLA-3523-1)
2023-08-10 00:00:00
kaspersky
kaspersky
KLA51618 Multiple vulnerabilities in Mozilla Thunderbird
2023-08-02 00:00:00
KLA51574 Multiple vulnerabilities in Mozilla Firefox ESR
2023-08-01 00:00:00
KLA51620 Multiple vulnerabilities in Mozilla Thunderbird
2023-08-02 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 102.14 — Mozilla
2023-08-02 00:00:00
Security Vulnerabilities fixed in Firefox ESR 102.14 — Mozilla
2023-08-01 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.1 — Mozilla
2023-08-02 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2233
2023-09-12 11:49:48
Advisory ROSA-SA-2023-2232
2023-09-12 11:49:20
ubuntu
ubuntu
Thunderbird vulnerabilities
2023-09-04 00:00:00
Firefox regressions
2023-08-21 00:00:00
Firefox regressions
2023-08-08 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2023-08-04 20:52:54
redos
redos
ROS-20230908-07
2023-09-08 00:00:00
ROS-20230919-04
2023-09-19 00:00:00
mageia
mageia
Updated firefox/thunderbird packages fix security vulnerability
2023-09-25 01:16:18
cve
cve
CVE-2023-4057
2023-08-01 16:15:10
CVE-2023-4047
2023-08-01 15:15:09
CVE-2023-4046
2023-08-01 15:15:09
debiancve
debiancve
CVE-2023-4056
2023-08-01 16:15:10
CVE-2023-4046
2023-08-01 15:15:09
CVE-2023-4047
2023-08-01 15:15:09
ubuntucve
ubuntucve
CVE-2023-4056
2023-08-02 00:00:00
CVE-2023-4047
2023-08-01 00:00:00
CVE-2023-4050
2023-08-01 00:00:00
prion
prion
Memory corruption
2023-08-01 16:15:00
Stack overflow
2023-08-01 15:15:00
Code injection
2023-08-01 16:15:00
redhatcve
redhatcve
CVE-2023-4056
2023-08-02 08:28:42
CVE-2023-4057
2023-08-02 08:28:50
CVE-2023-4047
2023-08-02 08:28:10
nvd
nvd
CVE-2023-4047
2023-08-01 15:15:09
CVE-2023-4045
2023-08-01 15:15:09
CVE-2023-4050
2023-08-01 15:15:10
alpinelinux
alpinelinux
CVE-2023-4050
2023-08-01 15:15:10
CVE-2023-4057
2023-08-01 16:15:10
CVE-2023-4048
2023-08-01 15:15:09
veracode
veracode
Privilege Escalation
2023-08-06 12:06:35
Denial Of Service (DoS)
2023-08-06 12:07:49
Arbitrary Code Execution
2023-08-06 12:07:56
cnvd
cnvd
Mozilla Firefox and Firefox ESR Buffer Overflow Vulnerability
2023-08-03 00:00:00
cvelist
cvelist
CVE-2023-4055
2023-08-01 15:01:20
CVE-2023-4050
2023-08-01 14:58:31
CVE-2023-4046
2023-08-01 14:57:07

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

52.8%

JSON
Related for ALMA_LINUX_ALSA-2023-4468.NASL
nessus55oraclelinux6redhat16osv16rocky4debian4almalinux4openvas25kaspersky5mozilla5rosalinux2ubuntu5slackware1redos2mageia1cve6debiancve8ubuntucve6prion4redhatcve7nvd3alpinelinux4veracode5cnvd1cvelist4