The version of Firefox ESR installed on the remote Windows host is prior to 68.4.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory.

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-17026)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 72.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-03 advisory.

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. (CVE-2019-17026)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

New mozilla-thunderbird packages are available for Slackware 14.2 and
-current to fix security issues.

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0085 advisory.

    [68.4.1-1.0.1]
    - Remove upstream references [Orabug: 30143292]
    - Update distribution for Oracle Linux [Orabug: 30143292]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

    [68.4.1-1]
    - Update to 68.4.1esr build1
    - Update to 68.4.0esr build1
    - Fix for wrong intl.accept_lang when using non en-us langpack

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0123 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 68.4.1.

    Security Fix(es):

    * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

    * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

    * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

    * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

    * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of thunderbird installed on the remote host is prior to 68.4.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1393 advisory.

    When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

    Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox <     72.(CVE-2019-17024)

    When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape <     and > characters. Because the resulting string is pasted directly into the text node of the element this     does not result in a direct injection into the webpage; however, if a webpage subsequently copies the     node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two     WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR     < 68.4 and Firefox < 72.(CVE-2019-17022)

    Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

    Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw.(CVE-2019-17026)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities:

  - When pasting a <style> tag from the clipboard into     a rich text editor, the CSS sanitizer does not escape     < and > characters. Because the resulting string     is pasted directly into the text node of the element     this does not result in a direct injection into the     webpage; however, if a webpage subsequently copies the     node's innerHTML, assigning it to another innerHTML,     this would result in an XSS vulnerability. Two WYSIWYG     editors were identified with this behavior, more may     exist. This vulnerability affects Firefox ESR < 68.4 and     Firefox < 72. (CVE-2019-17022)

  - When pasting a <style> tag from the clipboard into     a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for     injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox     ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

  - Due to a missing case handling object types, a type     confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could     be exploited to run arbitrary code. This vulnerability     affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17017)

  - Mozilla developers reported memory safety bugs present     in Firefox 71 and Firefox ESR 68.3. Some of these bugs     showed evidence of memory corruption and we presume that     with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability     affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17024)

  - Incorrect alias information in IonMonkey JIT compiler     for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild     abusing this flaw. This vulnerability affects Firefox     ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox <     72.0.1. (CVE-2019-17026)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities:

  - When pasting a <style> tag from the clipboard into     a rich text editor, the CSS sanitizer does not escape     < and > characters. Because the resulting string     is pasted directly into the text node of the element     this does not result in a direct injection into the     webpage; however, if a webpage subsequently copies the     node's innerHTML, assigning it to another innerHTML,     this would result in an XSS vulnerability. Two WYSIWYG     editors were identified with this behavior, more may     exist. This vulnerability affects Firefox ESR < 68.4 and     Firefox < 72. (CVE-2019-17022)

  - When pasting a <style> tag from the clipboard into     a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for     injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox     ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

  - Due to a missing case handling object types, a type     confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could     be exploited to run arbitrary code. This vulnerability     affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17017)

  - Mozilla developers reported memory safety bugs present     in Firefox 71 and Firefox ESR 68.3. Some of these bugs     showed evidence of memory corruption and we presume that     with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability     affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17024)

  - Incorrect alias information in IonMonkey JIT compiler     for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild     abusing this flaw. This vulnerability affects Firefox     ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox <     72.0.1. (CVE-2019-17026)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

  - The type inference system allows the compilation of functions that can cause type confusions between     arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor     function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and     writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR     < 60.6, and Firefox < 66. (CVE-2019-9791)

  - A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be     used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects     Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. (CVE-2019-9795)

  - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing     bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and     Thunderbird < 60.6.1. (CVE-2019-9810)

  - Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be     leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR <     60.6.1, and Thunderbird < 60.6.1. (CVE-2019-9813)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Firefox ESR installed on the remote host is prior to 68.4.1. It is affected by following vulnerability as referenced in the mfsa2020-03 advisory:

 - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.

The version of Firefox installed on the remote host is prior to 72.0.1. It is affected by following vulnerability as referenced in the mfsa2020-03 advisory:

 - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.

ID	Name	Product	Family	Published	Updated	Severity
132714	Mozilla Firefox ESR < 68.4.1	Nessus	Windows	1/8/2020	11/18/2025	high
132715	Mozilla Firefox < 72.0.1	Nessus	Windows	1/8/2020	11/18/2025	high
132847	Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-010-01)	Nessus	Slackware Local Security Checks	1/13/2020	4/25/2023	high
132881	Oracle Linux 7 : firefox (ELSA-2020-0085)	Nessus	Oracle Linux Local Security Checks	1/15/2020	10/22/2024	high
133024	RHEL 6 : thunderbird (RHSA-2020:0123)	Nessus	Red Hat Local Security Checks	1/17/2020	11/7/2024	high
133652	Amazon Linux 2 : thunderbird (ALAS-2020-1393)	Nessus	Amazon Linux Local Security Checks	2/13/2020	12/11/2024	high
134321	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0010)	Nessus	NewStart CGSL Local Security Checks	3/8/2020	12/6/2022	high
134325	NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0011)	Nessus	NewStart CGSL Local Security Checks	3/8/2020	12/6/2022	high
160609	EulerOS Virtualization 2.9.0 : mozjs60 (EulerOS-SA-2022-1632)	Nessus	Huawei Local Security Checks	5/5/2022	12/5/2022	critical
701258	Mozilla Firefox ESR < 68.4.1 Type Confusion (mfsa2020-03)	Nessus Network Monitor	Web Clients	1/8/2020	1/8/2020	high
701257	Mozilla Firefox < 72.0.1 Type Confusion (mfsa2020-03)	Nessus Network Monitor	Web Clients	1/8/2020	1/8/2020	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

critical

high

high