The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2694 advisory.

  - Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

  - firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733)

  - Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and     Thunderbird 60.9 (CVE-2019-11740)

  - Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images     (CVE-2019-11742)

  - Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

  - Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

  - Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

  - Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : firefox (RHSA-2019:2694)

critical Nessus Plugin ID 128660

Version 1.11