On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2061-1 advisory.

    - Update to version 115.12.0 ESR (bsc#1226027)
    - CVE-2024-5702: Use-after-free in networking
    - CVE-2024-5688: Use-after-free in JavaScript object transplant
    - CVE-2024-5690: External protocol handlers leaked by timing attack
    - CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
    - CVE-2024-5692: Bypass of file name restrictions during saving
    - CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
    - CVE-2024-5696: Memory Corruption in Text Fragments
    - CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2073-1 advisory.

    - Update to version 115.12.0 ESR (bsc#1226027)
    - CVE-2024-5702: Use-after-free in networking
    - CVE-2024-5688: Use-after-free in JavaScript object transplant
    - CVE-2024-5690: External protocol handlers leaked by timing attack
    - CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
    - CVE-2024-5692: Bypass of file name restrictions during saving
    - CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
    - CVE-2024-5696: Memory Corruption in Text Fragments
    - CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-748bedc96c advisory.

    Update to 115.12.0

    * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
    * https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes/


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory.

  - Memory corruption in the networking stack could have led to a potentially exploitable crash.
    (CVE-2024-5702)

  - If a garbage collection was triggered at the right time, a use-after-free could have occurred during     object transplant. (CVE-2024-5688)

  - By monitoring the time certain operations take, an attacker could have guessed which external protocol     handlers were functional on a user's system. (CVE-2024-5690)

  - By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have     presented a button that, if clicked by a user, would bypass restrictions to open a new window.
    (CVE-2024-5691)

  - On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into     saving the file with a disallowed extension such as <code>.url</code> by including an invalid character in     the extension. Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2024-5692)

  - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data     from another site in violation of same-origin policy. (CVE-2024-5693)

  - By manipulating the text in an <code><input></code> tag, an attacker could have caused corrupt     memory leading to a potentially exploitable crash. (CVE-2024-5696)

  - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-5700)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory.

  - Memory corruption in the networking stack could have led to a potentially exploitable crash.
    (CVE-2024-5702)

  - If a garbage collection was triggered at the right time, a use-after-free could have occurred during     object transplant. (CVE-2024-5688)

  - By monitoring the time certain operations take, an attacker could have guessed which external protocol     handlers were functional on a user's system. (CVE-2024-5690)

  - By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have     presented a button that, if clicked by a user, would bypass restrictions to open a new window.
    (CVE-2024-5691)

  - On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into     saving the file with a disallowed extension such as <code>.url</code> by including an invalid character in     the extension. Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2024-5692)

  - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data     from another site in violation of same-origin policy. (CVE-2024-5693)

  - By manipulating the text in an <code><input></code> tag, an attacker could have caused corrupt     memory leading to a potentially exploitable crash. (CVE-2024-5696)

  - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-5700)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2012-1 advisory.

    - Update to version 115.12.0 ESR (bsc#1226027)
    - CVE-2024-5702: Use-after-free in networking
    - CVE-2024-5688: Use-after-free in JavaScript object transplant
    - CVE-2024-5690: External protocol handlers leaked by timing attack
    - CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
    - CVE-2024-5692: Bypass of file name restrictions during saving
    - CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
    - CVE-2024-5696: Memory Corruption in Text Fragments
    - CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4a22a9cd11 advisory.

    Update to latest upstream version.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 115.12.0esr / 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-163-01 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory.

  - Memory corruption in the networking stack could have led to a potentially exploitable crash.
    (CVE-2024-5702)

  - If a garbage collection was triggered at the right time, a use-after-free could have occurred during     object transplant. (CVE-2024-5688)

  - By monitoring the time certain operations take, an attacker could have guessed which external protocol     handlers were functional on a user's system. (CVE-2024-5690)

  - By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have     presented a button that, if clicked by a user, would bypass restrictions to open a new window.
    (CVE-2024-5691)

  - On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into     saving the file with a disallowed extension such as <code>.url</code> by including an invalid character in     the extension. Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2024-5692)

  - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data     from another site in violation of same-origin policy. (CVE-2024-5693)

  - By manipulating the text in an <code><input></code> tag, an attacker could have caused corrupt     memory leading to a potentially exploitable crash. (CVE-2024-5696)

  - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-5700)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory.

  - Memory corruption in the networking stack could have led to a potentially exploitable crash.
    (CVE-2024-5702)

  - If a garbage collection was triggered at the right time, a use-after-free could have occurred during     object transplant. (CVE-2024-5688)

  - By monitoring the time certain operations take, an attacker could have guessed which external protocol     handlers were functional on a user's system. (CVE-2024-5690)

  - By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have     presented a button that, if clicked by a user, would bypass restrictions to open a new window.
    (CVE-2024-5691)

  - On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into     saving the file with a disallowed extension such as <code>.url</code> by including an invalid character in     the extension. Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2024-5692)

  - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data     from another site in violation of same-origin policy. (CVE-2024-5693)

  - By manipulating the text in an <code><input></code> tag, an attacker could have caused corrupt     memory leading to a potentially exploitable crash. (CVE-2024-5696)

  - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-5700)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory.

  - If a specific sequence of actions is performed when opening a new tab, the triggering principal associated     with the new tab may have been incorrect. The triggering principal is used to calculate many values,     including the <code>Referer</code> and <code>Sec-</code> headers, meaning there is the potential for     incorrect security checks within the browser in addition to incorrect or misleading information sent to     remote websites. This bug only affects Firefox for Android. Other versions of Firefox are unaffected.
    (CVE-2024-5687)

  - If a garbage collection was triggered at the right time, a use-after-free could have occurred during     object transplant. (CVE-2024-5688)

  - In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My     Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used     for phishing. (CVE-2024-5689)

  - By monitoring the time certain operations take, an attacker could have guessed which external protocol     handlers were functional on a user's system. (CVE-2024-5690)

  - By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have     presented a button that, if clicked by a user, would bypass restrictions to open a new window.
    (CVE-2024-5691)

  - On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving     the file with a disallowed extension such as <code>.url</code> by including an invalid character in the     extension. Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2024-5692)

  - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data     from another site in violation of same-origin policy. (CVE-2024-5693)

  - An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript     string section of the heap. (CVE-2024-5694)

  - If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap     checker, an assertion could have been triggered, and in rarer situations, memory corruption could have     occurred. (CVE-2024-5695)

  - By manipulating the text in an <code><input></code> tag, an attacker could have caused corrupt     memory leading to a potentially exploitable crash. (CVE-2024-5696)

  - A website was able to detect when a user took a screenshot of a page using the built-in Screenshot     functionality in Firefox. (CVE-2024-5697)

  - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text     box over the address bar. This could have led to user confusion and possible spoofing attacks.
    (CVE-2024-5698)

  - In violation of spec, cookie prefixes such as <code>Secure</code> were being ignored if they were not     correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have     resulted in the browser not correctly honoring the behaviors specified by the prefix. (CVE-2024-5699)

  - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-5700)

  - Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-5701)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 127.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-25 advisory.

  - If a specific sequence of actions is performed when opening a new tab, the triggering principal associated     with the new tab may have been incorrect. The triggering principal is used to calculate many values,     including the <code>Referer</code> and <code>Sec-</code> headers, meaning there is the potential for     incorrect security checks within the browser in addition to incorrect or misleading information sent to     remote websites. This bug only affects Firefox for Android. Other versions of Firefox are unaffected.
    (CVE-2024-5687)

  - If a garbage collection was triggered at the right time, a use-after-free could have occurred during     object transplant. (CVE-2024-5688)

  - In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My     Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used     for phishing. (CVE-2024-5689)

  - By monitoring the time certain operations take, an attacker could have guessed which external protocol     handlers were functional on a user's system. (CVE-2024-5690)

  - By tricking the browser with a <code>X-Frame-Options</code> header, a sandboxed iframe could have     presented a button that, if clicked by a user, would bypass restrictions to open a new window.
    (CVE-2024-5691)

  - On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving     the file with a disallowed extension such as <code>.url</code> by including an invalid character in the     extension. Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2024-5692)

  - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data     from another site in violation of same-origin policy. (CVE-2024-5693)

  - An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript     string section of the heap. (CVE-2024-5694)

  - If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap     checker, an assertion could have been triggered, and in rarer situations, memory corruption could have     occurred. (CVE-2024-5695)

  - By manipulating the text in an <code><input></code> tag, an attacker could have caused corrupt     memory leading to a potentially exploitable crash. (CVE-2024-5696)

  - A website was able to detect when a user took a screenshot of a page using the built-in Screenshot     functionality in Firefox. (CVE-2024-5697)

  - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text     box over the address bar. This could have led to user confusion and possible spoofing attacks.
    (CVE-2024-5698)

  - In violation of spec, cookie prefixes such as <code>Secure</code> were being ignored if they were not     correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have     resulted in the browser not correctly honoring the behaviors specified by the prefix. (CVE-2024-5699)

  - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-5700)

  - Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-5701)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
200718	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:2061-1)	Nessus	SuSE Local Security Checks	high
200716	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:2073-1)	Nessus	SuSE Local Security Checks	high
200645	Fedora 40 : thunderbird (2024-748bedc96c)	Nessus	Fedora Local Security Checks	critical
200496	Mozilla Thunderbird < 115.12	Nessus	Windows	critical
200495	Mozilla Thunderbird < 115.12	Nessus	MacOS X Local Security Checks	critical
200461	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:2012-1)	Nessus	SuSE Local Security Checks	critical
200378	Fedora 40 : firefox (2024-4a22a9cd11)	Nessus	Fedora Local Security Checks	critical
200368	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-163-01)	Nessus	Slackware Local Security Checks	critical
200317	Mozilla Firefox ESR < 115.12	Nessus	MacOS X Local Security Checks	critical
200316	Mozilla Firefox ESR < 115.12	Nessus	Windows	critical
200315	Mozilla Firefox < 127.0	Nessus	Windows	critical
200314	Mozilla Firefox < 127.0	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2024-5692

high

Tenable Plugins

high

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical