The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4926-1 advisory.

    Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially     crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the     browser UI, bypass security restrictions, trick the user into disclosing confidential information, or     execute arbitrary code. (CVE-2021-23994, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999,     CVE-2021-24000, CVE-2021-24001, CVE-2021-29945, CVE-2021-29946, CVE-2021-29947)

    A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into     opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially     exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-23995)

    It was discovered that Firefox mishandled ftp URLs with encoded newline characters. If a user were tricked     into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary     FTP commands. (CVE-2021-24002)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4926-1)

high Nessus Plugin ID 148992

Version 1.5