Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-113454B56B.NASL
HistoryMar 20, 2024 - 12:00 a.m.

Fedora 39 : firefox (2024-113454b56b)

2024-03-2000:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
fedora 39
firefox vulnerability
memory safety
timing side-channel attack
windows error reporter
invalid wasm values
return registers
integer overflows
content security policies
pointer lock
quic ack frame
nessus scanner

0.0004 Low

EPSS

Percentile

15.7%

JSON

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-113454b56b advisory.

  • Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. (CVE-2024-2615)

  • NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5388)

  • An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
    (CVE-2024-2605)

  • Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. (CVE-2024-2606)

  • Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2607)

  • AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
    (CVE-2024-2608)

  • The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. (CVE-2024-2609)

  • Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2610)

  • A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2611)

  • If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2612)

  • Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. (CVE-2024-2613)

  • Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2614)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-113454b56b
#

include('compat.inc');

if (description)
{
  script_id(192294);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/17");

  script_cve_id(
    "CVE-2023-5388",
    "CVE-2024-2605",
    "CVE-2024-2606",
    "CVE-2024-2607",
    "CVE-2024-2608",
    "CVE-2024-2609",
    "CVE-2024-2610",
    "CVE-2024-2611",
    "CVE-2024-2612",
    "CVE-2024-2613",
    "CVE-2024-2614",
    "CVE-2024-2615"
  );
  script_xref(name:"FEDORA", value:"2024-113454b56b");
  script_xref(name:"IAVA", value:"2024-A-0174-S");
  script_xref(name:"IAVA", value:"2024-A-0245-S");

  script_name(english:"Fedora 39 : firefox (2024-113454b56b)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-113454b56b advisory.

  - Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we
    presume that with enough effort some of these could have been exploited to run arbitrary code. This
    vulnerability affects Firefox < 124. (CVE-2024-2615)

  - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could
    potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124,
    Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5388)

  - An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping
    the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are
    unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
    (CVE-2024-2605)

  - Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers
    turning into pointer values. This vulnerability affects Firefox < 124. (CVE-2024-2606)

  - Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:*
    This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability
    affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2607)

  - `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could
    have experienced integer overflows, causing underallocation of an output buffer leading to an out of
    bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
    (CVE-2024-2608)

  - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable
    to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and
    Thunderbird < 115.10. (CVE-2024-2609)

  - Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass
    strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and
    Thunderbird < 115.9. (CVE-2024-2610)

  - A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into
    granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird <
    115.9. (CVE-2024-2611)

  - If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered
    a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124,
    Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2612)

  - Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory
    consumption and a crash. This vulnerability affects Firefox < 124. (CVE-2024-2613)

  - Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs
    showed evidence of memory corruption and we presume that with enough effort some of these could have been
    exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and
    Thunderbird < 115.9. (CVE-2024-2614)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-113454b56b");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5388");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:39");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^39([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 39', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'firefox-124.0-1.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');
}
VendorProductVersionCPE
fedoraprojectfedora39cpe:/o:fedoraproject:fedora:39
fedoraprojectfedorafirefoxp-cpe:/a:fedoraproject:fedora:firefox

Related

nessus 54
kaspersky 3
ubuntu 2
osv 12
mozilla 3
openvas 21
slackware 2
oraclelinux 6
redhat 18
almalinux 4
rocky 2
centos 2
mageia 2
amazon 1
debian 4
ubuntucve 9
alpinelinux 4
veracode 7
cgr 2
debiancve 9
cvelist 8
cve 7
nvd 6
cnvd 7
redhatcve 3
vulnrichment 1
nessus
nessus
Fedora 38 : firefox (2024-7e71e9eaba)
2024-03-20 00:00:00
Mozilla Firefox < 124.0
2024-03-19 00:00:00
Fedora 40 : firefox (2024-cd3a64f43b)
2024-04-29 00:00:00
kaspersky
kaspersky
KLA65224 Multiple vulnerabilities in Mozilla Firefox
2024-03-19 00:00:00
KLA65226 Multiple vulnerabilities in Mozilla Thunderbird
2024-03-19 00:00:00
KLA65225 Multiple vulnerabilities in Mozilla Firefox ESR
2024-03-19 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2024-03-20 00:00:00
Thunderbird vulnerabilities
2024-03-26 00:00:00
osv
osv
firefox vulnerabilities
2024-03-20 05:48:06
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 124 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.9 — Mozilla
2024-03-19 00:00:00
openvas
openvas
Mozilla Firefox Security Update (mfsa_2024-12) - Windows
2024-03-25 00:00:00
Mozilla Firefox Security Advisory (MFSA2024-12) - Linux
2024-03-19 00:00:00
Ubuntu: Security Advisory (USN-6703-1)
2024-03-21 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2024-03-20 00:27:50
[slackware-security] mozilla-thunderbird
2024-03-20 00:28:21
oraclelinux
oraclelinux
thunderbird security update
2024-03-26 00:00:00
thunderbird security update
2024-03-26 00:00:00
thunderbird security update
2024-03-25 00:00:00
redhat
redhat
(RHSA-2024:1496) Moderate: thunderbird security update
2024-03-25 18:33:37
(RHSA-2024:1498) Moderate: thunderbird security update
2024-03-25 18:33:53
(RHSA-2024:1499) Moderate: thunderbird security update
2024-03-25 18:34:00
almalinux
almalinux
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
Critical: firefox security update
2024-03-25 00:00:00
rocky
rocky
thunderbird security update
2024-03-27 04:34:32
firefox security update
2024-03-27 04:34:32
centos
centos
thunderbird security update
2024-04-03 14:01:39
firefox security update
2024-04-03 14:00:43
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-03-27 22:40:25
Updated nss firefox, nss packages fix security vulnerabilities
2024-03-27 22:24:13
amazon
amazon
Important: thunderbird
2024-03-27 21:32:00
debian
debian
[SECURITY] [DSA 5643-1] firefox-esr security update
2024-03-21 19:19:35
[SECURITY] [DLA 3769-1] thunderbird security update
2024-03-23 11:22:35
[SECURITY] [DSA 5644-1] thunderbird security update
2024-03-21 19:22:16
ubuntucve
ubuntucve
CVE-2024-2606
2024-03-19 00:00:00
CVE-2024-2605
2024-03-19 00:00:00
CVE-2024-2611
2024-03-19 00:00:00
alpinelinux
alpinelinux
CVE-2024-2605
2024-03-19 12:15:08
CVE-2024-2611
2024-03-19 12:15:09
CVE-2024-2608
2024-03-19 12:15:08
veracode
veracode
Arbitrary Code Execution
2024-04-10 21:52:28
Improper Input Validation
2024-03-25 01:33:05
Arbitrary Code Execution
2024-03-25 01:32:51
cgr
cgr
CVE-2024-2605 vulnerabilities
2024-05-19 03:07:16
CVE-2024-2607 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2024-2605
2024-03-19 12:15:08
CVE-2024-2606
2024-03-19 12:15:08
CVE-2024-2608
2024-03-19 12:15:08
cvelist
cvelist
CVE-2024-2606
2024-03-19 12:02:52
CVE-2024-2615
2024-03-19 12:02:57
CVE-2024-2605
2024-03-19 12:02:51
cve
cve
CVE-2024-2606
2024-03-19 12:15:08
CVE-2024-2605
2024-03-19 12:15:08
CVE-2024-2608
2024-03-19 12:15:08
nvd
nvd
CVE-2024-2606
2024-03-19 12:15:08
CVE-2024-2613
2024-03-19 12:15:09
CVE-2024-2615
2024-03-19 12:15:09
cnvd
cnvd
Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-14982)
2024-03-21 00:00:00
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14974)
2024-03-21 00:00:00
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14978)
2024-03-21 00:00:00
redhatcve
redhatcve
CVE-2024-2607
2024-03-21 11:39:26
CVE-2024-2605
2024-03-21 11:00:58
CVE-2024-2611
2024-03-21 11:39:41
vulnrichment
vulnrichment
CVE-2024-2608
2024-03-19 12:02:53

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for FEDORA_2024-113454B56B.NASL
nessus54kaspersky3ubuntu2osv12mozilla3openvas21slackware2oraclelinux6redhat18almalinux4rocky2centos2mageia2amazon1debian4ubuntucve9alpinelinux4veracode7cgr2debiancve9cvelist8cve7nvd6cnvd7redhatcve3vulnrichment1