Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR
78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox
ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. (CVE-2020-15659)
- Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (CVE-2020-6463)
- Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a
privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
(CVE-2020-6514)
- Given an installed malicious file picker application, an attacker was able to steal and upload local files
of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for
Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
(CVE-2020-15649)
- Given an installed malicious file picker application, an attacker was able to overwrite local files and
thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected
Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR <
68.11. (CVE-2020-15650)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 5/21/2020