Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7621 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service     (CVE-2024-9399)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

    * firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3,     Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and     Thunderbird 128.3 (CVE-2024-9402)

    * firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

    * firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

    * firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

    * firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

    * firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

    * firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7622 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service     (CVE-2024-9399)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

    * firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3,     Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and     Thunderbird 128.3 (CVE-2024-9402)

    * firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

    * firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

    * firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

    * firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

    * firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

    * firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5f39927e90 advisory.

    - New upstream builds (131.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7552 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * thunderbird: 115.16/128.3 ()

    * firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service     (CVE-2024-9399)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

    * firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3,     Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and     Thunderbird 128.3 (CVE-2024-9402)

    * firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

    * firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

    * firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

    * firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

    * firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

    * firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-7505 advisory.

    [128.3.0-1.0.1]
    - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

    [128.3.0]
    - Add debranding patches (Mustafa Gezen)
    - Add OpenELA default preferences (Louis Abel)

    [128.3.0-1]
    - Update to 128.3.0

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7505 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: 115.16/128.3 ESR ()

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3,     Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and     Thunderbird 128.3 (CVE-2024-9402)

    * firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

    * firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

    * firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory.

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Thunderbird     process leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

  - Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-9403)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-50 advisory.

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Thunderbird     process leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

  - Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-9403)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-49 advisory.

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence     of navigational events. (CVE-2024-8900)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Thunderbird     process leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-49 advisory.

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence     of navigational events. (CVE-2024-8900)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Thunderbird     process leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-47 advisory.

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence     of navigational events. (CVE-2024-8900)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Firefox process     leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-47 advisory.

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence     of navigational events. (CVE-2024-8900)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Firefox process     leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory.

  - A user who enables full-screen mode on a specially crafted web page could potentially be prevented from     exiting full screen mode.  This may allow spoofing of other sites as the address bar is no longer visible.
    This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected. (CVE-2024-9391)

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - A specially crafted filename containing a large number of spaces could obscure the file's extension when     displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are     unaffected. (CVE-2024-9395)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Firefox process     leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

  - Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-9403)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory.

  - A user who enables full-screen mode on a specially crafted web page could potentially be prevented from     exiting full screen mode.  This may allow spoofing of other sites as the address bar is no longer visible.
    This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected. (CVE-2024-9391)

  - A compromised content process could have allowed for the arbitrary loading of cross-origin pages.
    (CVE-2024-9392)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://pdf.js` origin.  This could allow them to access cross-origin PDF content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9393)

  - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the     `resource://devtools` origin.  This could allow them to access cross-origin JSON content. This access is     limited to same site documents by the Site Isolation feature on desktop clients, but full cross-origin     access is possible on Android versions. (CVE-2024-9394)

  - A specially crafted filename containing a large number of spaces could obscure the file's extension when     displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are     unaffected. (CVE-2024-9395)

  - It is currently unknown if this issue is exploitable but a condition may arise where the structured clone     of certain objects could lead to memory corruption. (CVE-2024-9396)

  - A missing delay in directory upload UI could have made it possible for an attacker to trick a user into     granting permission via clickjacking. (CVE-2024-9397)

  - By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker     could determine if the application which implements that protocol handler is installed. (CVE-2024-9398)

  - A website configured to initiate a specially crafted WebTransport session could crash the Firefox process     leading to a denial of service condition. (CVE-2024-9399)

  - A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger     an OOM at a specific moment during JIT compilation. (CVE-2024-9400)

  - Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2024-9401)

  - Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2024-9402)

  - Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2024-9403)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
208071	RHEL 9 : firefox (RHSA-2024:7621)	Nessus	Red Hat Local Security Checks	high
208070	RHEL 9 : firefox (RHSA-2024:7622)	Nessus	Red Hat Local Security Checks	high
208062	Fedora 40 : firefox (2024-5f39927e90)	Nessus	Fedora Local Security Checks	critical
208057	RHEL 9 : thunderbird (RHSA-2024:7552)	Nessus	Red Hat Local Security Checks	critical
208055	Oracle Linux 9 : firefox (ELSA-2024-7505)	Nessus	Oracle Linux Local Security Checks	critical
208034	RHEL 9 : firefox (RHSA-2024:7505)	Nessus	Red Hat Local Security Checks	critical
207987	Mozilla Thunderbird < 131.0	Nessus	MacOS X Local Security Checks	critical
207986	Mozilla Thunderbird < 131.0	Nessus	Windows	critical
207985	Mozilla Thunderbird < 128.3	Nessus	Windows	high
207984	Mozilla Thunderbird < 128.3	Nessus	MacOS X Local Security Checks	high
207981	Mozilla Firefox ESR < 128.3	Nessus	Windows	high
207980	Mozilla Firefox ESR < 128.3	Nessus	MacOS X Local Security Checks	high
207979	Mozilla Firefox < 131.0	Nessus	MacOS X Local Security Checks	critical
207978	Mozilla Firefox < 131.0	Nessus	Windows	critical

Detections

Analytics

CVE-2024-9402

critical

Tenable Plugins

high

high

critical

critical

critical

critical

critical

critical

high

high

high

high

critical

critical