Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:136141256231112202365092HistoryDec 04, 2023 - 12:00 a.m.
Ubuntu: Security Advisory (USN-6509-2)
2023-12-0400:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
1
ubuntu
security
advisory
firefox
update
vulnerabilities
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2023.6509.2");
script_cve_id("CVE-2023-6204", "CVE-2023-6205", "CVE-2023-6206", "CVE-2023-6207", "CVE-2023-6208", "CVE-2023-6209", "CVE-2023-6210", "CVE-2023-6211", "CVE-2023-6212", "CVE-2023-6213");
script_tag(name:"creation_date", value:"2023-12-04 12:30:31 +0000 (Mon, 04 Dec 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-11-28 19:29:57 +0000 (Tue, 28 Nov 2023)");
script_name("Ubuntu: Security Advisory (USN-6509-2)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU20\.04\ LTS");
script_xref(name:"Advisory-ID", value:"USN-6509-2");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6509-2");
script_xref(name:"URL", value:"https://launchpad.net/bugs/2045518");
script_tag(name:"summary", value:"The remote host is missing an update for the 'firefox' package(s) announced via the USN-6509-2 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"USN-6509-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-6206,
CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213)
It was discovered that Firefox did not properly manage memory when
images were created on the canvas element. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6204)
It discovered that Firefox incorrectly handled certain memory when using a
MessagePort. An attacker could potentially exploit this issue to cause a
denial of service. (CVE-2023-6205)
It discovered that Firefox incorrectly did not properly manage ownership
in ReadableByteStreams. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6207)
It discovered that Firefox incorrectly did not properly manage copy
operations when using Selection API in X11. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6208)
Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative
URLS starting with '///'. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6209)");
script_tag(name:"affected", value:"'firefox' package(s) on Ubuntu 20.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"firefox", ver:"120.0.1+build1-0ubuntu0.20.04.1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
osv
osv
firefox vulnerabilities
2023-11-23 05:39:06
firefox regressions
2023-12-04 02:22:47
thunderbird - security update
2023-11-30 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2023-11-23 00:00:00
Firefox regressions
2023-12-04 00:00:00
Thunderbird vulnerabilities
2023-11-27 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 120 — Mozilla
2023-11-21 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.5.0 — Mozilla
2023-11-21 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.5 — Mozilla
2023-11-21 00:00:00
nessus
nessus
Fedora 38 : firefox (2023-c908110b8a)
2023-11-21 00:00:00
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6509-1)
2023-11-23 00:00:00
Fedora 39 : firefox (2023-2bd5892754)
2023-11-21 00:00:00
kaspersky
kaspersky
KLA62070 Multiple vulnerabilities in Mozilla Firefox
2023-11-21 00:00:00
KLA62089 Multiple vulnerabilities in Mozilla Firefox ESR
2023-11-21 00:00:00
KLA62090 Multiple vulnerabilities in Mozilla Thunderbird
2023-11-21 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2023-49) - Linux
2023-11-22 00:00:00
Ubuntu: Security Advisory (USN-6509-1)
2023-11-24 00:00:00
Mozilla Firefox Security Advisories (MFSA2023-49, MFSA2023-52) - Windows
2023-11-23 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2023-12-08 13:55:49
Updated firefox packages fix security vulnerabilities
2023-12-08 13:55:49
oraclelinux
oraclelinux
firefox security update
2023-11-28 00:00:00
thunderbird security update
2023-11-28 00:00:00
firefox security update
2023-11-28 00:00:00
almalinux
almalinux
Important: thunderbird security update
2023-11-27 00:00:00
Important: thunderbird security update
2023-11-27 00:00:00
Important: firefox security update
2023-11-27 00:00:00
redhat
redhat
(RHSA-2023:7502) Important: thunderbird security update
2023-11-27 15:03:33
(RHSA-2023:7511) Important: firefox security update
2023-11-27 15:09:14
(RHSA-2023:7510) Important: firefox security update
2023-11-27 15:08:22
amazon
amazon
Important: thunderbird
2024-01-03 21:04:00
debian
debian
[SECURITY] [DLA 3661-1] firefox-esr security update
2023-11-23 22:42:30
[SECURITY] [DLA 3674-1] thunderbird security update
2023-11-30 14:26:11
[SECURITY] [DSA 5566-1] thunderbird security update
2023-11-26 00:04:01
slackware
slackware
[slackware-security] mozilla-thunderbird
2023-11-22 19:38:40
[slackware-security] mozilla-firefox
2023-11-21 21:38:12
rocky
rocky
thunderbird security update
2023-11-28 22:43:36
alpinelinux
alpinelinux
prion
prion
Information disclosure
2023-11-21 15:15:00
Memory corruption
2023-11-21 15:15:00
Code injection
2023-11-21 15:15:00
debiancve
debiancve
cvelist
cvelist
ubuntucve
ubuntucve
nvd
nvd
cve
cve
veracode
veracode
Improper Restriction Of Rendered UI Layers Or Frames
2023-11-28 14:45:10
Clipboard Injection
2023-11-28 14:18:12
Denial Of Service (DoS)
2023-11-28 14:45:26
redhatcve
redhatcve
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.1%
Related for OPENVAS:136141256231112202365092