Plugins Database As of 12-09-2019

RedHat Update for firefox RHSA-2018:0122-01

Red Hat Local Security Checks
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.910005

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
Linux Distribution Package

Summary:
The remote host is missing an update for the 'firefox' Linux Distribution Package(s) announced via the referenced advisory.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.6.0 ESR. Security Fix(es): * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117) * To mitigate timing-based side-channel attacks similar to 'Spectre' and 'Meltdown', the resolution of performance.now() has been reduced from 5s to 20s. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos lvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben Yang, Anonymous, Nils, and Xisigr as the original reporters.

Affected Versions:
firefox on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6)

Recommendations:
Please Install the Updated Packages.

Solution Type:
Vendor Patch

Search
Severity
High
CVSS Score
7.5
Published
2018-01-25 06:52:56
Modified
2018-11-23 08:28:21
CVE
CVE-2018-5089
CVE-2018-5091
CVE-2018-5095
CVE-2018-5096
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5117

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.