The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0521 advisory.

  - A content process could have modified shared memory relating to crash reporting information, crash itself,     and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable     crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. (CVE-2020-6796)

  - If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and     execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer     a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email     in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in     browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox     < ESR68.5. (CVE-2020-6798)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR     68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited     through email in the Thunderbird product because scripting is disabled when reading mail, but are     potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5,     Firefox < 73, and Firefox < ESR68.5. (CVE-2020-6800)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

CentOS 6 : firefox (RHSA-2020:0521)

high Nessus Plugin ID 133769

Version 1.7

Version 1.6

Version 1.7 Oct 9, 2024, 10:24 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410092224
Version 1.6 Mar 27, 2024, 2:17 PM Exploit attributes ("Exploit available" set to "False") CVSSv2 score source (changed from "CVE-2020-6796" to "CVE-2020-6800") Plugin Feed: 202403271417