EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1414)
High Nessus Plugin ID 119903
SynopsisThe remote EulerOS host is missing multiple security updates.
DescriptionAccording to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)
- Mozilla: Crash with nested event loops (CVE-2018-12392)
- Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395)
- Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396)
- Mozilla: WebExtension local file permission check bypass (CVE-2018-12397)
- Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected firefox packages.