The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory.

    -----BEGIN PGP SIGNED MESSAGE-----     Hash: SHA512

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5645-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     March 23, 2024                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2024-29944

    Manfred Paul discovered a flaw in the Mozilla Firefox web browser,     allowing an attacker to inject an event handler into a privileged object     that would allow arbitrary JavaScript execution in the parent process.

    For the oldstable distribution (bullseye), this problem has been fixed     in version 115.9.1esr-1~deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in     version 115.9.1esr-1~deb12u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to its     security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmX/MOFfFIAAAAAALgAo     aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2     NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND     z0Rolg/9GP46S5fV4AGsTsDeOZsx8rbHOZsKgj+Y//dA8Ly79T10CjVcZQSvpFek     Czgnwyo9dMqY5jTyxKOcFqsrbCzODKdMtDKVqOdTTptb0eGdorLyRsq0D5Kozn86     W8iq9mDTYiL50Vj7gMgpciNHklM7sjtKCYSTIgJFqLq+/8jMIoaN2qbTCmxo4OjC     bqweKgXYlHE/EmgCyjVJ6gjuam5yA1OlrXO+/IqKm809P8TPsceb9FBCY4Gw0jS4     Ioii4Y303fsNNMIHfDANNcvXC6JCnsy0QYjq2DyiNTOyh/leoV+Z9tWQwejcnQBd     T0aICDOoQwf6mnsMtsLvoDzsY81DawiHd19nyLeVKhxLwpEmqTz5CIIk72oy39MA     SLxY5owGrBPHkelxpi4XNPg7/fDNfeq1L3/CzEPoiExaioLsvC/vgvZzO4drrNkG     Eyp2ocGvKejYqt4TfZE/a5vmj7BpNDMmhsUne8XzdPVU8p1Co3jsEGmOVAT00EOv     cO1MGfUZdChdTdRHZ6Q/v6Wr2DZvmT9b/yy9uI4I+XjpkDLapS9DbP+FPJKM5y75     lOf3bfsBSHUBRIxxtiDdUmjYH9mTHNPNq6SFlHrcpykqRps+acuL4ZYd2NGG8nHg     Bv4lAz/FMJTBI80gqF7nv3v2qsy4CZ9ieBnAQbDHDkVxnnYLGVo=     =h5US
    -----END PGP SIGNATURE-----



Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5645 : firefox-esr - security update

high Nessus Plugin ID 192510

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Jan 24, 2025, 9:25 PM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on CVE-2024-29944, severity increased from "Medium" to "High") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501242125
Version 1.1 Aug 28, 2024, 7:43 PM CVSS metrics ("CVSSv3 score" set to 8.4) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") Plugin Feed: 202408281943
Version 1.0 Mar 24, 2024, 3:24 AM New Plugin Feed: 202403240324