The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2663 advisory.

  - Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

  - firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733)

  - Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 (CVE-2019-11735)

  - Mozilla: Content security policy bypass through hash-based sources in directives (CVE-2019-11738)

  - Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and     Thunderbird 60.9 (CVE-2019-11740)

  - Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images     (CVE-2019-11742)

  - Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

  - Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

  - Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

  - Mozilla: 'Forget about this site' removes sites from pre-loaded HSTS list (CVE-2019-11747)

  - Mozilla: Persistence of WebRTC permissions in a third party context (CVE-2019-11748)

  - Mozilla: Camera information available without prompting using getUserMedia (CVE-2019-11749)

  - Mozilla: Type confusion in Spidermonkey (CVE-2019-11750)

  - Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : firefox (RHSA-2019:2663)

critical Nessus Plugin ID 128517

Version 1.14

Version 1.13

Version 1.14 Apr 29, 2024, 6:56 AM Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202404290656
Version 1.13 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425