SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3745-1)

critical Nessus Plugin ID 155644

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3745-1 advisory.

 - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. (CVE-2021-38503)

 - When interacting with an HTML input element's file picker dialog with <code>webkitdirectory</code> set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
 (CVE-2021-38504)

 - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.
 Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected. (CVE-2021-38505)

 - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing.
 (CVE-2021-38506)

 - Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)

 - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. (CVE-2021-38508)

 - Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509)

 - The executable file warning was not presented when downloading .inetloc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. (CVE-2021-38510)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected MozillaFirefox, MozillaFirefox-devel, MozillaFirefox-translations-common and / or MozillaFirefox- translations-other packages.

See Also

https://bugzilla.suse.com/1192250

http://www.nessus.org/u?2cc3624f

https://www.suse.com/security/cve/CVE-2021-38503

https://www.suse.com/security/cve/CVE-2021-38504

https://www.suse.com/security/cve/CVE-2021-38505

https://www.suse.com/security/cve/CVE-2021-38506

https://www.suse.com/security/cve/CVE-2021-38507

https://www.suse.com/security/cve/CVE-2021-38508

https://www.suse.com/security/cve/CVE-2021-38509

https://www.suse.com/security/cve/CVE-2021-38510

Plugin Details

Severity: Critical

ID: 155644

File Name: suse_SU-2021-3745-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/20/2021

Updated: 3/17/2022

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-38503

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:mozillafirefox, p-cpe:/a:novell:suse_linux:mozillafirefox-devel, p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common, p-cpe:/a:novell:suse_linux:mozillafirefox-translations-other, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2021

Vulnerability Publication Date: 11/2/2021

Reference Information

CVE: CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-38510

SuSE: SUSE-SU-2021:3745-1

IAVA: 2021-A-0527-S