The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5477 advisory.

  - firefox: use-after-free in workers (CVE-2023-3600)

  - Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)

  - Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)

  - Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176)

  - libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : firefox (RHSA-2023:5477)

critical Nessus Plugin ID 182594

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425
Version 1.2 Nov 2, 2023, 4:31 AM IAVM reference Plugin Feed: 202311020431
Version 1.1 Oct 6, 2023, 5:06 PM CVSS metrics ("CVSSv2 score" changed from 6.8 to 10.0. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSSv2 severity (based on CVE-2023-5217, severity increased from "Medium" to "High") Plugin Feed: 202310061706
Version 1.0 Oct 5, 2023, 10:10 PM New Plugin Feed: 202310052210