The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4756-1 advisory.

  - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the     frame was reported in the violation report; as opposed to the original frame URI. This could be used to     leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird <     78.8, and Firefox ESR < 78.8. (CVE-2021-23968)

  - As specified in the W3C Content Security Policy draft, when creating a violation report, User agents need     to ensure that the source file is the URL requested by the page, pre-redirects. If thats not possible,     user agents need to strip the URL down to an origin to avoid unintentional leakage. Under certain types     of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was     fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird <     78.8, and Firefox ESR < 78.8. (CVE-2021-23969)

  - Context-specific code was included in a shared jump table; resulting in assertions being triggered in     multithreaded wasm code. This vulnerability affects Firefox < 86. (CVE-2021-23970)

  - When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's     Referrer-Policy. This would have potentially resulted in more information than intended by the original     origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.
    (CVE-2021-23971)

  - One phishing tactic on the web is to provide a link with HTTP Auth. For example     'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning     dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was     cached by the browser. This vulnerability affects Firefox < 86. (CVE-2021-23972)

  - When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted,     and the content of that error may have revealed information about the resource. This vulnerability affects     Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. (CVE-2021-23973)

  - The DOMParser API did not properly process '' elements for escaping. This could be used as an     mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. (CVE-2021-23974)

  - The developer page about:memory has a Measure function for exploring what object types the browser has     allocated and their sizes. When this function was invoked we incorrectly called the sizeof function,     instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86.
    (CVE-2021-23975)

  - Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and     Firefox ESR < 78.8. (CVE-2021-23978)

  - Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence     of memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 86. (CVE-2021-23979)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4756-1)

high Nessus Plugin ID 147994

Version 1.4

Version 1.3

Version 1.3

Version 1.4 Oct 16, 2023, 9:38 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-23979") Detection Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202310162138
Version 1.3 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.3 Oct 16, 2023, 7:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-23979") Detection Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202310161925