Lucene search

K

CentOS: Security Advisory for firefox (CESA-2023:1791)

🗓️ 25 Apr 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 13 Views

The remote host is missing an update for the 'firefox' package(s) announced via the CESA-2023:1791 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Multiple security fixes are included

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Oracle linux
firefox security update
14 Apr 202300:00
oraclelinux
Oracle linux
firefox security update
14 Apr 202300:00
oraclelinux
Oracle linux
firefox security update
17 Apr 202300:00
oraclelinux
Oracle linux
thunderbird security update
18 Apr 202300:00
oraclelinux
Oracle linux
thunderbird security update
18 Apr 202300:00
oraclelinux
Oracle linux
thunderbird security update
18 Apr 202300:00
oraclelinux
Debian
[SECURITY] [DSA 5385-1] firefox-esr security update
12 Apr 202317:56
debian
Debian
[SECURITY] [DLA 3391-1] firefox-esr security update
12 Apr 202318:03
debian
Debian
[SECURITY] [DSA 5392-1] thunderbird security update
22 Apr 202316:10
debian
Debian
[SECURITY] [DLA 3400-1] thunderbird security update
24 Apr 202308:55
debian
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.884285");
  script_version("2023-10-12T05:05:32+0000");
  script_cve_id("CVE-2023-1945", "CVE-2023-1999", "CVE-2023-29533", "CVE-2023-29535", "CVE-2023-29536", "CVE-2023-29539", "CVE-2023-29541", "CVE-2023-29548", "CVE-2023-29550");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-06-09 03:56:00 +0000 (Fri, 09 Jun 2023)");
  script_tag(name:"creation_date", value:"2023-04-25 01:00:44 +0000 (Tue, 25 Apr 2023)");
  script_name("CentOS: Security Advisory for firefox (CESA-2023:1791)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS7");

  script_xref(name:"Advisory-ID", value:"CESA-2023:1791");
  script_xref(name:"URL", value:"https://lists.centos.org/pipermail/centos-announce/2023-April/086396.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox'
  package(s) announced via the CESA-2023:1791 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 102.10.0 ESR.

Security Fix(es):

  * Mozilla: Double-free in libwebp (CVE-2023-1999)

  * Mozilla: Fullscreen notification obscured (CVE-2023-29533)

  * Mozilla: Potential Memory Corruption following Garbage Collector
compaction (CVE-2023-29535)

  * Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

  * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
(CVE-2023-29550)

  * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

  * Mozilla: Content-Disposition filename truncation leads to Reflected File
Download (CVE-2023-29539)

  * Mozilla: Files with malicious extensions could have been downloaded
unsafely on Linux (CVE-2023-29541)

  * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.");

  script_tag(name:"affected", value:"'firefox' package(s) on CentOS 7.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "CentOS7") {

  if(!isnull(res = isrpmvuln(pkg:"firefox", rpm:"firefox~102.10.0~1.el7.centos", rls:"CentOS7"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo