The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0295 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 68.4.1 ESR.

    Security Fix(es):

    * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

    * Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

    * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

    * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

    * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

    * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

    * Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

    * Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

    * Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

    * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities:

  - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the     Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird <     68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6805)

  - By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of     an array resized during script execution. This could have led to memory corruption and a potentially     exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and     Firefox ESR < 68.6. (CVE-2020-6806)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not     escape < and > characters. Because the resulting string is pasted directly into the text node of the     element this does not result in a direct injection into the webpage; however, if a webpage subsequently     copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability.
    Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox     ESR < 68.4 and Firefox < 72. (CVE-2019-17022)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17024)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

  - When processing an email message with an ill-formed envelope, Thunderbird could read data from a random     memory location. This vulnerability affects Thunderbird < 68.5. (CVE-2020-6793)

  - When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code     caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects     Thunderbird < 68.5. (CVE-2020-6795)

  - When deriving an identifier for an email message, uninitialized memory was used in addition to the message     contents. This vulnerability affects Thunderbird < 68.5. (CVE-2020-6792)

  - If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and     execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer     a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email     in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in     browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox     < ESR68.5. (CVE-2020-6798)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR     68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited     through email in the Thunderbird product because scripting is disabled when reading mail, but are     potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5,     Firefox < 73, and Firefox < ESR68.5. (CVE-2020-6800)

  - If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy     of these passwords is still accessible. This is because the older stored password file was not deleted     when the data was copied to a new format starting in Thunderbird 60. The new master password is added only     on the new file. This could allow the exposure of stored password data outside of user expectations. This     vulnerability affects Thunderbird < 68.5. (CVE-2020-6794)

  - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request,     which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command     into a terminal, it could have resulted in command injection and arbitrary command execution. This     vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
    (CVE-2020-6811)

  - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)

  - The first time AirPods are connected to an iPhone, they become named after the user's name by default     (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device     names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames     devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird <     68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6812)

  - When a device was changed while a stream was about to be destroyed, the stream-reinit task     may have been executed after the stream was destroyed, causing a use-after-free and a potentially     exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and     Firefox ESR < 68.6. (CVE-2020-6807)

  - Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox <     ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6814)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0123 advisory.

    [68.4.1-2.0.1]
    - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js

    [68.4.1-2]
    - Update to 68.4.1 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0086 advisory.

    - Added fix for mozbz#1348168/CVE-2017-5428

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

  - The type inference system allows the compilation of functions that can cause type confusions between     arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor     function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and     writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR     < 60.6, and Firefox < 66. (CVE-2019-9791)

  - A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be     used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects     Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9795)

  - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing     bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and     Thunderbird < 60.6.1. (CVE-2019-9810)

  - Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be     leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR <     60.6.1, and Thunderbird < 60.6.1. (CVE-2019-9813)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

  - The type inference system allows the compilation of functions that can cause type confusions between     arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor     function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and     writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR     < 60.6, and Firefox < 66. (CVE-2019-9791)

  - A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be     used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects     Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9795)

  - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing     bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and     Thunderbird < 60.6.1. (CVE-2019-9810)

  - Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be     leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR <     60.6.1, and Thunderbird < 60.6.1. (CVE-2019-9813)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Firefox installed on the remote host is prior to 72.0.1. It is affected by following vulnerability as referenced in the mfsa2020-03 advisory:

 - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.

The version of Firefox ESR installed on the remote host is prior to 68.4.1. It is affected by following vulnerability as referenced in the mfsa2020-03 advisory:

 - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.

ID	Name	Product	Family	Published	Updated	Severity
133386	RHEL 8 : firefox (RHSA-2020:0295)	Nessus	Red Hat Local Security Checks	1/31/2020	11/7/2024	high
140291	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)	Nessus	NewStart CGSL Local Security Checks	9/7/2020	12/6/2022	critical
180631	Oracle Linux 6 : thunderbird (ELSA-2020-0123)	Nessus	Oracle Linux Local Security Checks	9/7/2023	10/22/2024	high
180643	Oracle Linux 6 : firefox (ELSA-2020-0086)	Nessus	Oracle Linux Local Security Checks	9/7/2023	10/22/2024	high
147312	NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)	Nessus	NewStart CGSL Local Security Checks	3/10/2021	4/25/2023	critical
159783	EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2022-1431)	Nessus	Huawei Local Security Checks	4/18/2022	12/5/2022	critical
159810	EulerOS 2.0 SP9 : mozjs60 (EulerOS-SA-2022-1452)	Nessus	Huawei Local Security Checks	4/18/2022	12/5/2022	critical
160606	EulerOS Virtualization 2.9.1 : mozjs60 (EulerOS-SA-2022-1609)	Nessus	Huawei Local Security Checks	5/5/2022	12/5/2022	critical
701257	Mozilla Firefox < 72.0.1 Type Confusion (mfsa2020-03)	Nessus Network Monitor	Web Clients	1/8/2020	1/8/2020	high
701258	Mozilla Firefox ESR < 68.4.1 Type Confusion (mfsa2020-03)	Nessus Network Monitor	Web Clients	1/8/2020	1/8/2020	high

Detections

Analytics

Plugins Search

high

critical

high

high

critical

critical

critical

critical

high

high