The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.4.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory.

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-17026)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities:

  - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the     Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird <     68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6805)

  - By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of     an array resized during script execution. This could have led to memory corruption and a potentially     exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and     Firefox ESR < 68.6. (CVE-2020-6806)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not     escape < and > characters. Because the resulting string is pasted directly into the text node of the     element this does not result in a direct injection into the webpage; however, if a webpage subsequently     copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability.
    Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox     ESR < 68.4 and Firefox < 72. (CVE-2019-17022)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17024)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

  - A content process could have modified shared memory relating to crash reporting information, crash itself,     and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable     crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. (CVE-2020-6796)

  - If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and     execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer     a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email     in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in     browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox     < ESR68.5. (CVE-2020-6798)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR     68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited     through email in the Thunderbird product because scripting is disabled when reading mail, but are     potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5,     Firefox < 73, and Firefox < ESR68.5. (CVE-2020-6800)

  - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request,     which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command     into a terminal, it could have resulted in command injection and arbitrary command execution. This     vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
    (CVE-2020-6811)

  - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)

  - The first time AirPods are connected to an iPhone, they become named after the user's name by default     (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device     names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames     devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird <     68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6812)

  - When a device was changed while a stream was about to be destroyed, the stream-reinit task     may have been executed after the stream was destroyed, causing a use-after-free and a potentially     exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and     Firefox ESR < 68.6. (CVE-2020-6807)

  - Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox <     ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6814)

  - Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-     free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. (CVE-2020-6819)

  - Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We     are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird <     68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. (CVE-2020-6820)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4234-1 advisory.

    Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially     crafted website, an attacker could potentially exploit these to cause a denial of service, obtain     sensitive information, bypass Content Security Policy (CSP) restrictions, conduct cross-site scripting     (XSS) attacks, or execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0127 advisory.

    [68.4.1-2.0.1.el8_1]
    - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js

    [68.4.1-2]
    - Update to 68.4.1 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0111 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 68.4.1 ESR.

    Security Fix(es):

    * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

    * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

    * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

    * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

    * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0120 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 68.4.1.

    Security Fix(es):

    * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

    * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

    * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

    * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

    * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure.

New mozilla-thunderbird packages are available for Slackware 14.2 and
-current to fix security issues.

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0123 advisory.

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not     escape < and > characters. Because the resulting string is pasted directly into the text node of the     element this does not result in a direct injection into the webpage; however, if a webpage subsequently     copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability.
    Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox     ESR < 68.4 and Firefox < 72. (CVE-2019-17022)

  - Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17024)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0086 advisory.

    - Added fix for mozbz#1348168/CVE-2017-5428

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update upgrades Firefox to version 68.4.1 ESR.

Security Fix(es) :

  - Mozilla: IonMonkey type confusion with StoreElementHole     and FallibleStoreElement (CVE-2019-17026)

  - Mozilla: Bypass of @namespace CSS sanitization during     pasting (CVE-2019-17016)

  - Mozilla: Type Confusion in XPCVariant.cpp     (CVE-2019-17017)

  - Mozilla: Memory safety bugs fixed in Firefox 72 and     Firefox ESR 68.4 (CVE-2019-17024)

  - Mozilla: CSS sanitization does not escape HTML tags     (CVE-2019-17022)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4241-1 advisory.

    Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially     crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of     service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005,     CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,     CVE-2019-17022, CVE-2019-17024, CVE-2019-17026)

    It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could     potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0086 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 68.4.1 ESR.

    Security Fix(es):

    * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

    * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

    * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

    * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

    * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 68.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-04 advisory.

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-17026)

  - During the initialization of a new content process, a pointer offset can be manipulated leading to memory     corruption and a potentially exploitable crash in the parent process.  Note: this issue only occurs on     Windows. Other operating systems are unaffected. (CVE-2019-17015)

  - When pasting a <code><style></code> tag from the clipboard into a rich text editor, the CSS     sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of     websites resulting in data exfiltration. (CVE-2019-17016)

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code.
    (CVE-2019-17017)

  - During the initialization of a new content process, a race condition occurs that can allow a content     process to disclose heap addresses from the parent process.  Note: this issue only occurs on Windows.
    Other operating systems are unaffected. (CVE-2019-17021)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
132712	Mozilla Firefox ESR < 68.4.1	Nessus	MacOS X Local Security Checks	1/8/2020	11/18/2025	high
140283	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)	Nessus	NewStart CGSL Local Security Checks	9/7/2020	12/6/2022	critical
132854	Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-4234-1)	Nessus	Ubuntu Local Security Checks	1/13/2020	8/27/2024	high
133153	Oracle Linux 8 : thunderbird (ELSA-2020-0127)	Nessus	Oracle Linux Local Security Checks	1/22/2020	10/22/2024	high
132887	RHEL 8 : firefox (RHSA-2020:0111)	Nessus	Red Hat Local Security Checks	1/15/2020	11/7/2024	high
133022	RHEL 7 : thunderbird (RHSA-2020:0120)	Nessus	Red Hat Local Security Checks	1/17/2020	11/7/2024	high
133106	Debian DSA-4603-1 : thunderbird - security update	Nessus	Debian Local Security Checks	1/21/2020	3/29/2024	high
132847	Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-010-01)	Nessus	Slackware Local Security Checks	1/13/2020	4/25/2023	high
133099	CentOS 6 : thunderbird (RHSA-2020:0123)	Nessus	CentOS Local Security Checks	1/21/2020	10/9/2024	high
180643	Oracle Linux 6 : firefox (ELSA-2020-0086)	Nessus	Oracle Linux Local Security Checks	9/7/2023	10/22/2024	high
132888	Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200113)	Nessus	Scientific Linux Local Security Checks	1/15/2020	3/29/2024	high
133040	Ubuntu 18.04 LTS : Thunderbird vulnerabilities (USN-4241-1)	Nessus	Ubuntu Local Security Checks	1/17/2020	8/27/2024	high
132885	RHEL 6 : firefox (RHSA-2020:0086)	Nessus	Red Hat Local Security Checks	1/15/2020	11/7/2024	high
132774	Mozilla Thunderbird < 68.4.1	Nessus	Windows	1/10/2020	11/18/2025	high

Detections

Analytics

Plugins Search

high

critical

high

high

high

high

high

high

high

high

high

high

high

high