Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.813036 |
Category: | General |
Title: | Mozilla Firefox Security Updates(mfsa_2018-06_2018-07)-MAC OS X |
Summary: | Mozilla Firefox is prone to multiple vulnerabilities. |
Description: | Summary: Mozilla Firefox is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - A buffer overflow error when manipulating SVG animatedPathSegList through script. - An use-after-free error during editor operations. - A lack of parameter validation on IPC messages. - A memory corruption error when packets with a mismatched RTP payload type are sent in WebRTC connections. - Fetch API improperly returns cached copies of no-store/no-cache resources. - The Find API for WebExtensions can search some privileged pages. - The value of the app.support.baseURL preference is not properly sanitized. - WebExtensions may use view-source: URLs to bypass content restrictions. - WebExtensions can bypass normal restrictions in some circumstances. - Same-origin policy violation with data: URL shared workers. - Script content can access legacy extension non-contentaccessible resources. - Moz-icon images accessible to web content through moz-icon: protocol. - A vulnerability in the notifications Push API. - Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs. - Self-XSS pasting javascript: URL with embedded tab into addressbar. - Memory safety bugs fixed in Firefox 59. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct cross-site scripting (XSS) attacks, crash the affected system, conduct sandbox escape, access sensitive data and bypass security restrictions. Affected Software/OS: Mozilla Firefox version before 59 on MAC OS X. Solution: Upgrade to Mozilla Firefox version 59 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5127 BugTraq ID: 103388 http://www.securityfocus.com/bid/103388 Debian Security Information: DSA-4139 (Google Search) https://www.debian.org/security/2018/dsa-4139 Debian Security Information: DSA-4155 (Google Search) https://www.debian.org/security/2018/dsa-4155 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html RedHat Security Advisories: RHSA-2018:0526 https://access.redhat.com/errata/RHSA-2018:0526 RedHat Security Advisories: RHSA-2018:0527 https://access.redhat.com/errata/RHSA-2018:0527 RedHat Security Advisories: RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0647 RedHat Security Advisories: RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0648 http://www.securitytracker.com/id/1040514 https://usn.ubuntu.com/3545-1/ https://usn.ubuntu.com/3596-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5128 BugTraq ID: 103386 http://www.securityfocus.com/bid/103386 Common Vulnerability Exposure (CVE) ID: CVE-2018-5129 Common Vulnerability Exposure (CVE) ID: CVE-2018-5130 Common Vulnerability Exposure (CVE) ID: CVE-2018-5131 Common Vulnerability Exposure (CVE) ID: CVE-2018-5132 Common Vulnerability Exposure (CVE) ID: CVE-2018-5133 Common Vulnerability Exposure (CVE) ID: CVE-2018-5134 Common Vulnerability Exposure (CVE) ID: CVE-2018-5135 Common Vulnerability Exposure (CVE) ID: CVE-2018-5136 Common Vulnerability Exposure (CVE) ID: CVE-2018-5137 Common Vulnerability Exposure (CVE) ID: CVE-2018-5140 Common Vulnerability Exposure (CVE) ID: CVE-2018-5141 Common Vulnerability Exposure (CVE) ID: CVE-2018-5142 Common Vulnerability Exposure (CVE) ID: CVE-2018-5143 Common Vulnerability Exposure (CVE) ID: CVE-2018-5126 Common Vulnerability Exposure (CVE) ID: CVE-2018-5125 https://usn.ubuntu.com/3688-1/ |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |