Detections
Analytics

Ubuntu 20.04 LTS : Firefox regressions (USN-6966-2)

info Nessus Plugin ID 206006

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6966-2 advisory.

 USN-6966-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem.

 We apologize for the inconvenience.

 Original advisory details:

 Multiple security issues were discovered in Firefox. If a user were

 tricked into opening a specially crafted website, an attacker could

 potentially exploit these to cause a denial of service, obtain sensitive

 information across domains, or execute arbitrary code. (CVE-2024-7518,

 CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,

 CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)

 It was discovered that Firefox did not properly manage certain memory

 operations when processing graphics shared memory. An attacker could

 potentially exploit this issue to escape the sandbox. (CVE-2024-7519)

 Nan Wang discovered that Firefox did not properly handle type check in

 WebAssembly. An attacker could potentially exploit this issue to execute

 arbitrary code. (CVE-2024-7520)

 Irvan Kurniawan discovered that Firefox did not properly check an

 attribute value in the editor component, leading to an out-of-bounds read

 vulnerability. An attacker could possibly use this issue to cause a denial

 of service or expose sensitive information. (CVE-2024-7522)

 Rob Wu discovered that Firefox did not properly check permissions when

 creating a StreamFilter. An attacker could possibly use this issue to

 modify response body of requests on any site using a web extension.

 (CVE-2024-7525)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-6966-2

Plugin Details

Severity: Info

ID: 206006

File Name: ubuntu_USN-6966-2.nasl

Version: 1.1

Type: local

Agent: unix

Published: 8/21/2024

Updated: 8/21/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:firefox, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-af, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ar, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-as, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ast, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-be, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bg, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-br, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-bs, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ca, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cs, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cy, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-da, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-de, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-el, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-en, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eo, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-es, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-et, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-eu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fa, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fi, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-fy, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ga, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gd, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-he, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hi, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hu, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hy, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-id, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-is, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-it, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ja, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ka, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ko, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ku, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lg, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lt, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-lv, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mai, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ml, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nb, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-nso, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-oc, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-or, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pa, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-pt, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ro, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ru, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-si, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sq, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sv, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ta, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-te, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-th, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tr, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uk, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-vi, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hans, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zh-hant, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-zu, p-cpe:/a:canonical:ubuntu_linux:firefox-dev, p-cpe:/a:canonical:ubuntu_linux:firefox-mozsymbols, p-cpe:/a:canonical:ubuntu_linux:firefox-geckodriver, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-an, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-az, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-cak, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-csb, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-gn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-hsb, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ia, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-kab, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-km, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-mn, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ms, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-my, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ne, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-sw, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-ur, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-uz, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-xh, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-szl, p-cpe:/a:canonical:ubuntu_linux:firefox-locale-tg

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 8/21/2024

Vulnerability Publication Date: 8/21/2024

Reference Information

USN: 6966-2