The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-07c1537955 advisory.

  - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode()     function and loop through to free best.bw and assign best = trial pointer. The second loop will then     return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the     AddressSanitizer will attempt a double free. (CVE-2023-1999)

  - An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory     corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS.
    Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10,     and Thunderbird < 102.10. (CVE-2023-29531)

  - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by     pointing the service at an update file on a malicious SMB server. The update file can be replaced after     the signature check, before the use, because the write-lock requested by the service does not work on a     SMB server. *Note: This attack requires local system access and only affects Windows. Other operating     systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird     < 102.10. (CVE-2023-29532)

  - A website could have obscured the fullscreen notification by using a combination of     <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and     <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10. (CVE-2023-29533)

  - Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android.
    These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and     Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for     Android < 112 and Focus for Android < 112. (CVE-2023-29534)

  - Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly     traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects     Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird <     102.10. (CVE-2023-29535)

  - An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-     controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10. (CVE-2023-29536)

  - Multiple race conditions in the font initialization could have led to memory corruption and execution of     attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus     for Android < 112. (CVE-2023-29537)

  - Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a     <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's     machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
    (CVE-2023-29538)

  - When handling the filename directive in the Content-Disposition header, the filename would be truncated if     the filename contained a NULL character. This could have led to reflected file download attacks     potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android     < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (CVE-2023-29539)

  - Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external     protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This     vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
    (CVE-2023-29540)

  - Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be     interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain     Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected     Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR <     102.10, Firefox for Android < 112, and Thunderbird < 102.10. (CVE-2023-29541)

  - A newline in a filename could have been used to bypass the file extension security mechanisms that replace     malicious file extensions such as .lnk with .download. This could have led to accidental execution of     malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and     Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and     Thunderbird < 102.10. (CVE-2023-29542)

  - An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer     in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112,     and Focus for Android < 112. (CVE-2023-29543)

  - If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could     have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for     Android < 112, Firefox < 112, and Focus for Android < 112. (CVE-2023-29544)

  - Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing     environment variable names would have resolved those in the context of the current user. *This bug only     affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.*     This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. (CVE-2023-29545)

  - When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard     were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android.
    Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus     for Android < 112. (CVE-2023-29546)

  - When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have     been created, when it should have silently failed. This could have led to a desynchronization in expected     results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox     < 112, and Focus for Android < 112. (CVE-2023-29547)

  - A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10. (CVE-2023-29548)

  - Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect     realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES.
    This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
    (CVE-2023-29549)

  - Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10,     Firefox for Android < 112, and Thunderbird < 102.10. (CVE-2023-29550)

  - Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
    (CVE-2023-29551)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Fedora 38 : firefox (2023-07c1537955)

critical Nessus Plugin ID 174353

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Apr 30, 2024, 4:27 AM Plugin metadata Plugin Feed: 202404300427
Version 1.1 Nov 7, 2023, 9:51 PM CVE (set "CVE" coverage to "CVE-2023-1999,CVE-2023-29531,CVE-2023-29532,CVE-2023-29533,CVE-2023-29534,CVE-2023-29535,CVE-2023-29536,CVE-2023-29537,CVE-2023-29538,CVE-2023-29539,CVE-2023-29540,CVE-2023-29541,CVE-2023-29542,CVE-2023-29543,CVE-2023-29544,CVE-2023-29545,CVE-2023-29546,CVE-2023-29547,CVE-2023-29548,CVE-2023-29549,CVE-2023-29550,CVE-2023-29551") CVSS metrics ("CVSSv2 score" set to 10.0. "CVSSv3 score" set to 9.8. "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H". "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2023-29551") CVSSv3 score source (set to "CVE-2023-29542") Plugin Feed: 202311072151
Version 1.0 Apr 15, 2023, 7:56 AM New Plugin Feed: 202304150756