The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6320-1 advisory.

    Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially     crafted website, an attacker could potentially exploit these to cause a denial of service, obtain     sensitive information across domains, or execute arbitrary code. (CVE-2023-4573, CVE-2023-4574,     CVE-2023-4575, CVE-2023-4578, CVE-2023-4581, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585)

    Lukas Bernhard discovered that Firefox did not properly manage memory when the UpdateRegExpStatics     attempted to access initialStringHeap. An attacker could potentially exploit this issue to cause a     denial of service. (CVE-2023-4577)

    Malte Jrgens discovered that Firefox did not properly handle search queries if the search query itself     was a well formed URL. An attacker could potentially exploit this issue to perform spoofing attacks.
    (CVE-2023-4579)

    Harveer Singh discovered that Firefox did not properly handle push notifications stored on disk in private     browsing mode. An attacker could potentially exploits this issue to access sensitive information.
    (CVE-2023-4580)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6320-1)

high Nessus Plugin ID 180274

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.4 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.3 Sep 26, 2023, 8:16 PM CVSS metrics ("CVSSv2 score" changed from 7.5 to 10.0. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H". "CVSSv3 score" changed from 9.8 to 8.8) CVSSv3 score source (set to "CVE-2023-4585") Plugin Feed: 202309262016
Version 1.2 Sep 21, 2023, 4:26 PM IAVM reference Plugin Feed: 202309211626
Version 1.1 Sep 1, 2023, 10:10 AM STIG Severity (set to "I") IAVM reference Plugin Feed: 202309011010
Version 1.0 Aug 30, 2023, 4:14 PM New Plugin Feed: 202308301614