The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0824 advisory.

  - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks     for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)

  - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters     into namespace URIs. (CVE-2022-25236)

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  - An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a     potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and     Thunderbird < 91.7. (CVE-2022-26381)

  - When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen     notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
    (CVE-2022-26383)

  - If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not     <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript     execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and     Thunderbird < 91.7. (CVE-2022-26384)

  - Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in     <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be     affected by other local users. This behavior was reverted to the original, user-specific directory.
    <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This     vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. (CVE-2022-26386)

  - When installing an add-on, Firefox verified the signature before prompting the user; but while the user     was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have     noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
    (CVE-2022-26387)

  - Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had     reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR     < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. (CVE-2022-26485)

  - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox     escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox <     97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
    (CVE-2022-26486)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

CentOS 7 : firefox (RHSA-2022:0824)

critical Nessus Plugin ID 159315

Version 1.5

Version 1.4

Version 1.5 Oct 9, 2024, 10:24 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202410092224
Version 1.4 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311