SynopsisThe remote machine is affected by a vulnerability.
DescriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss-softokn packages installed that are affected by a vulnerability:
- Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade the vulnerable CGSL nss-softokn packages. Note that updated packages may not be available yet. Please contact ZTE for more information.