The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3228-1 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1. (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird <     115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1. (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 115.1.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-216-01 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a4e8720e0f advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - A website could have obscured the full screen notification by using the file open dialog. This could have     led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR     < 115.2, and Thunderbird < 115.2. (CVE-2023-4051)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1. (CVE-2023-4052)

  - A website could have obscured the full screen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
    (CVE-2023-4053)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird <     115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1. (CVE-2023-4057)

  - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Firefox < 116. (CVE-2023-4058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3161-1 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3162-1 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3163-1 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
    (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 115.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-33 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process.
    (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user.  This bug only affects Firefox on Windows. Other     operating systems are unaffected. (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in <code>document.cookie</code>, the actual cookie jar     sent to the host was no longer consistent with expected cookie jar state. This could have caused requests     to be sent with some cookies missing. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-33 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process.
    (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user.  This bug only affects Firefox on Windows. Other     operating systems are unaffected. (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in <code>document.cookie</code>, the actual cookie jar     sent to the host was no longer consistent with expected cookie jar state. This could have caused requests     to be sent with some cookies missing. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b4b8e4f1b9 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)

  - A website could have obscured the full screen notification by using the file open dialog. This could have     led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR     < 115.2, and Thunderbird < 115.2. (CVE-2023-4051)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other     operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1. (CVE-2023-4052)

  - A website could have obscured the full screen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
    (CVE-2023-4053)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird <     115.1. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1. (CVE-2023-4057)

  - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Firefox < 116. (CVE-2023-4058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 116.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-29 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process.
    (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. (CVE-2023-4050)

  - A website could have obscured the full screen notification by using the file open dialog. This could have     led to user confusion and possible spoofing attacks. (CVE-2023-4051)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user.  This bug only affects Firefox on Windows. Other     operating systems are unaffected. (CVE-2023-4052)

  - A website could have obscured the full screen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. (CVE-2023-4053)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in <code>document.cookie</code>, the actual cookie jar     sent to the host was no longer consistent with expected cookie jar state. This could have caused requests     to be sent with some cookies missing. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2023-4057)

  - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2023-4058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 116.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-29 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process.
    (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. (CVE-2023-4050)

  - A website could have obscured the full screen notification by using the file open dialog. This could have     led to user confusion and possible spoofing attacks. (CVE-2023-4051)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user.  This bug only affects Firefox on Windows. Other     operating systems are unaffected. (CVE-2023-4052)

  - A website could have obscured the full screen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. (CVE-2023-4053)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in <code>document.cookie</code>, the actual cookie jar     sent to the host was no longer consistent with expected cookie jar state. This could have caused requests     to be sent with some cookies missing. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2023-4057)

  - Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2023-4058)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-31 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process.
    (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user.  This bug only affects Firefox on Windows. Other     operating systems are unaffected. (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in <code>document.cookie</code>, the actual cookie jar     sent to the host was no longer consistent with expected cookie jar state. This could have caused requests     to be sent with some cookies missing. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-31 advisory.

  - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. (CVE-2023-4045)

  - In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process.
    (CVE-2023-4046)

  - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. (CVE-2023-4047)

  - An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. (CVE-2023-4048)

  - Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. (CVE-2023-4049)

  - In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. (CVE-2023-4050)

  - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any     files in that directory would be recursively deleted with the permissions of the uninstalling user     account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary     file deletion controlled by the non-privileged user.  This bug only affects Firefox on Windows. Other     operating systems are unaffected. (CVE-2023-4052)

  - When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
    This bug only affects Firefox on Windows. Other operating systems are unaffected. (CVE-2023-4054)

  - When the number of cookies per domain was exceeded in <code>document.cookie</code>, the actual cookie jar     sent to the host was no longer consistent with expected cookie jar state. This could have caused requests     to be sent with some cookies missing. (CVE-2023-4055)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-4056)

  - Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2023-4057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
190759	GLSA-202402-25 : Mozilla Thunderbird: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
179580	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2023:3228-1)	Nessus	SuSE Local Security Checks	critical
179369	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-216-01)	Nessus	Slackware Local Security Checks	critical
179341	Fedora 37 : firefox (2023-a4e8720e0f)	Nessus	Fedora Local Security Checks	critical
179303	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:3161-1)	Nessus	SuSE Local Security Checks	critical
179302	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:3162-1)	Nessus	SuSE Local Security Checks	critical
179297	SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:3163-1)	Nessus	SuSE Local Security Checks	critical
179232	Mozilla Thunderbird < 115.1	Nessus	Windows	critical
179231	Mozilla Thunderbird < 115.1	Nessus	MacOS X Local Security Checks	critical
179184	Fedora 38 : firefox (2023-b4b8e4f1b9)	Nessus	Fedora Local Security Checks	critical
179143	Mozilla Firefox < 116.0	Nessus	Windows	critical
179142	Mozilla Firefox < 116.0	Nessus	MacOS X Local Security Checks	critical
179141	Mozilla Firefox ESR < 115.1	Nessus	MacOS X Local Security Checks	critical
179140	Mozilla Firefox ESR < 115.1	Nessus	Windows	critical

Detections

Analytics

CVE-2023-4052

medium

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical