Detections
Analytics
NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2024-0066)
critical Nessus Plugin ID 206859
Synopsis
The remote NewStart CGSL host is affected by multiple vulnerabilities.Description
The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities:- crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)
- Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. (CVE-2021-38493)
- During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)
- Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)
- During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL firefox packages. Note that updated packages may not be available yet. Please contact ZTE for more information.See Also
https://security.gd-linux.com/info/CVE-2022-29909
https://security.gd-linux.com/info/CVE-2022-29911
https://security.gd-linux.com/info/CVE-2022-29912
https://security.gd-linux.com/info/CVE-2022-29914
https://security.gd-linux.com/info/CVE-2022-29916
https://security.gd-linux.com/info/CVE-2022-29917
https://security.gd-linux.com/info/CVE-2022-31736
https://security.gd-linux.com/info/CVE-2022-31737
https://security.gd-linux.com/info/CVE-2022-31738
https://security.gd-linux.com/info/CVE-2022-31740
https://security.gd-linux.com/info/CVE-2022-31741
https://security.gd-linux.com/info/CVE-2022-31742
https://security.gd-linux.com/info/CVE-2022-31744
https://security.gd-linux.com/info/CVE-2022-31747
https://security.gd-linux.com/info/CVE-2022-34468
https://security.gd-linux.com/info/CVE-2022-34470
https://security.gd-linux.com/notice/NS-SA-2024-0066
https://security.gd-linux.com/info/CVE-2021-32810
https://security.gd-linux.com/info/CVE-2021-38493
https://security.gd-linux.com/info/CVE-2021-38496
https://security.gd-linux.com/info/CVE-2021-38497
https://security.gd-linux.com/info/CVE-2021-38498
https://security.gd-linux.com/info/CVE-2021-38500
https://security.gd-linux.com/info/CVE-2021-38501
https://security.gd-linux.com/info/CVE-2021-38503
https://security.gd-linux.com/info/CVE-2021-38504
https://security.gd-linux.com/info/CVE-2021-38506
https://security.gd-linux.com/info/CVE-2021-38507
https://security.gd-linux.com/info/CVE-2021-38508
https://security.gd-linux.com/info/CVE-2021-38509
https://security.gd-linux.com/info/CVE-2021-4129
https://security.gd-linux.com/info/CVE-2021-4140
https://security.gd-linux.com/info/CVE-2021-43534
https://security.gd-linux.com/info/CVE-2021-43535
https://security.gd-linux.com/info/CVE-2021-43536
https://security.gd-linux.com/info/CVE-2021-43537
https://security.gd-linux.com/info/CVE-2021-43538
https://security.gd-linux.com/info/CVE-2021-43539
https://security.gd-linux.com/info/CVE-2021-43541
https://security.gd-linux.com/info/CVE-2021-43542
https://security.gd-linux.com/info/CVE-2021-43543
https://security.gd-linux.com/info/CVE-2021-43545
https://security.gd-linux.com/info/CVE-2021-43546
https://security.gd-linux.com/info/CVE-2022-1097
https://security.gd-linux.com/info/CVE-2022-1196
https://security.gd-linux.com/info/CVE-2022-1529
https://security.gd-linux.com/info/CVE-2022-1802
https://security.gd-linux.com/info/CVE-2022-2200
https://security.gd-linux.com/info/CVE-2022-22737
https://security.gd-linux.com/info/CVE-2022-22738
https://security.gd-linux.com/info/CVE-2022-22739
https://security.gd-linux.com/info/CVE-2022-22740
https://security.gd-linux.com/info/CVE-2022-22741
https://security.gd-linux.com/info/CVE-2022-22742
https://security.gd-linux.com/info/CVE-2022-22743
https://security.gd-linux.com/info/CVE-2022-22745
https://security.gd-linux.com/info/CVE-2022-22747
https://security.gd-linux.com/info/CVE-2022-22748
https://security.gd-linux.com/info/CVE-2022-22751
https://security.gd-linux.com/info/CVE-2022-22754
https://security.gd-linux.com/info/CVE-2022-22756
https://security.gd-linux.com/info/CVE-2022-22759
https://security.gd-linux.com/info/CVE-2022-22760
https://security.gd-linux.com/info/CVE-2022-22761
https://security.gd-linux.com/info/CVE-2022-22763
https://security.gd-linux.com/info/CVE-2022-22764
https://security.gd-linux.com/info/CVE-2022-24713
https://security.gd-linux.com/info/CVE-2022-2505
https://security.gd-linux.com/info/CVE-2022-25235
https://security.gd-linux.com/info/CVE-2022-25236
https://security.gd-linux.com/info/CVE-2022-25315
https://security.gd-linux.com/info/CVE-2022-26381
https://security.gd-linux.com/info/CVE-2022-34472
https://security.gd-linux.com/info/CVE-2022-34479
https://security.gd-linux.com/info/CVE-2022-34481
https://security.gd-linux.com/info/CVE-2022-34484
https://security.gd-linux.com/info/CVE-2022-36318
https://security.gd-linux.com/info/CVE-2022-36319
https://security.gd-linux.com/info/CVE-2022-38472
https://security.gd-linux.com/info/CVE-2022-38473
https://security.gd-linux.com/info/CVE-2022-38476
https://security.gd-linux.com/info/CVE-2022-38477
https://security.gd-linux.com/info/CVE-2022-38478
https://security.gd-linux.com/info/CVE-2022-40674
https://security.gd-linux.com/info/CVE-2022-40956
https://security.gd-linux.com/info/CVE-2022-40957
https://security.gd-linux.com/info/CVE-2022-40958
https://security.gd-linux.com/info/CVE-2022-40959
https://security.gd-linux.com/info/CVE-2022-40960
https://security.gd-linux.com/info/CVE-2022-40962
https://security.gd-linux.com/info/CVE-2022-42927
https://security.gd-linux.com/info/CVE-2022-42928
https://security.gd-linux.com/info/CVE-2022-42929
https://security.gd-linux.com/info/CVE-2022-42932
https://security.gd-linux.com/info/CVE-2022-43680
https://security.gd-linux.com/info/CVE-2022-45403
https://security.gd-linux.com/info/CVE-2022-45404
https://security.gd-linux.com/info/CVE-2022-45405
https://security.gd-linux.com/info/CVE-2022-45406
https://security.gd-linux.com/info/CVE-2022-45408
https://security.gd-linux.com/info/CVE-2022-45409
https://security.gd-linux.com/info/CVE-2022-45410
https://security.gd-linux.com/info/CVE-2022-45411
https://security.gd-linux.com/info/CVE-2022-45412
https://security.gd-linux.com/info/CVE-2022-45416
https://security.gd-linux.com/info/CVE-2022-45418
https://security.gd-linux.com/info/CVE-2022-45420
https://security.gd-linux.com/info/CVE-2022-45421
https://security.gd-linux.com/info/CVE-2022-46871
https://security.gd-linux.com/info/CVE-2022-46872
https://security.gd-linux.com/info/CVE-2022-46874
https://security.gd-linux.com/info/CVE-2022-46877
https://security.gd-linux.com/info/CVE-2022-46878
https://security.gd-linux.com/info/CVE-2022-46880
https://security.gd-linux.com/info/CVE-2022-46881
https://security.gd-linux.com/info/CVE-2022-46882
https://security.gd-linux.com/info/CVE-2023-1945
https://security.gd-linux.com/info/CVE-2023-1999
https://security.gd-linux.com/info/CVE-2023-23598
https://security.gd-linux.com/info/CVE-2023-23599
https://security.gd-linux.com/info/CVE-2023-23601
https://security.gd-linux.com/info/CVE-2023-23602
https://security.gd-linux.com/info/CVE-2023-23603
https://security.gd-linux.com/info/CVE-2023-23605
https://security.gd-linux.com/info/CVE-2023-25728
https://security.gd-linux.com/info/CVE-2023-25729
https://security.gd-linux.com/info/CVE-2023-25730
https://security.gd-linux.com/info/CVE-2023-25732
https://security.gd-linux.com/info/CVE-2023-25735
https://security.gd-linux.com/info/CVE-2023-25737
https://security.gd-linux.com/info/CVE-2023-25739
https://security.gd-linux.com/info/CVE-2023-25742
https://security.gd-linux.com/info/CVE-2023-25743
https://security.gd-linux.com/info/CVE-2023-25744
https://security.gd-linux.com/info/CVE-2023-25746
https://security.gd-linux.com/info/CVE-2023-25751
https://security.gd-linux.com/info/CVE-2023-25752
https://security.gd-linux.com/info/CVE-2023-28162
https://security.gd-linux.com/info/CVE-2023-28164
https://security.gd-linux.com/info/CVE-2023-28176
https://security.gd-linux.com/info/CVE-2023-29533
https://security.gd-linux.com/info/CVE-2023-29535
https://security.gd-linux.com/info/CVE-2023-29536
https://security.gd-linux.com/info/CVE-2023-29539
https://security.gd-linux.com/info/CVE-2023-29541
https://security.gd-linux.com/info/CVE-2023-29548
https://security.gd-linux.com/info/CVE-2023-29550
https://security.gd-linux.com/info/CVE-2023-32205
https://security.gd-linux.com/info/CVE-2023-32206
https://security.gd-linux.com/info/CVE-2023-32207
https://security.gd-linux.com/info/CVE-2023-32211
https://security.gd-linux.com/info/CVE-2023-32212
https://security.gd-linux.com/info/CVE-2023-32213
https://security.gd-linux.com/info/CVE-2023-32215
https://security.gd-linux.com/info/CVE-2023-34414
https://security.gd-linux.com/info/CVE-2023-34416
https://security.gd-linux.com/info/CVE-2023-37201
https://security.gd-linux.com/info/CVE-2023-37202
https://security.gd-linux.com/info/CVE-2023-37207
https://security.gd-linux.com/info/CVE-2023-37208
https://security.gd-linux.com/info/CVE-2023-37211
https://security.gd-linux.com/info/CVE-2023-4045
https://security.gd-linux.com/info/CVE-2023-4046
https://security.gd-linux.com/info/CVE-2023-4047
https://security.gd-linux.com/info/CVE-2023-4048
https://security.gd-linux.com/info/CVE-2023-4049
https://security.gd-linux.com/info/CVE-2023-4050
https://security.gd-linux.com/info/CVE-2023-4051
https://security.gd-linux.com/info/CVE-2023-4053
https://security.gd-linux.com/info/CVE-2023-4055
https://security.gd-linux.com/info/CVE-2023-4056
https://security.gd-linux.com/info/CVE-2023-4057
https://security.gd-linux.com/info/CVE-2023-4573
https://security.gd-linux.com/info/CVE-2023-4574
https://security.gd-linux.com/info/CVE-2023-4575
https://security.gd-linux.com/info/CVE-2023-4577
https://security.gd-linux.com/info/CVE-2023-4578
https://security.gd-linux.com/info/CVE-2023-4580
https://security.gd-linux.com/info/CVE-2023-4581
https://security.gd-linux.com/info/CVE-2023-4583
https://security.gd-linux.com/info/CVE-2023-4584
https://security.gd-linux.com/info/CVE-2023-4585
https://security.gd-linux.com/info/CVE-2023-4863
https://security.gd-linux.com/info/CVE-2023-5129
https://security.gd-linux.com/info/CVE-2022-26383
https://security.gd-linux.com/info/CVE-2022-26384
https://security.gd-linux.com/info/CVE-2022-26386
https://security.gd-linux.com/info/CVE-2022-26387
https://security.gd-linux.com/info/CVE-2022-26485
https://security.gd-linux.com/info/CVE-2022-26486
https://security.gd-linux.com/info/CVE-2022-28281
https://security.gd-linux.com/info/CVE-2022-28282
https://security.gd-linux.com/info/CVE-2022-28285
Plugin Details
Severity: Critical
ID: 206859
File Name: newstart_cgsl_NS-SA-2024-0066_firefox.nasl
Version: 1.3
Type: local
Published: 9/10/2024
Updated: 9/17/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2022-25315
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 9.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2021-4140
Vulnerability Information
CPE: cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:firefox
Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/3/2024
Vulnerability Publication Date: 8/2/2021
CISA Known Exploited Vulnerability Due Dates: 3/21/2022, 10/4/2023
Reference Information
CVE: CVE-2021-32810, CVE-2021-38493, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-4129, CVE-2021-4140, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, CVE-2022-1097, CVE-2022-1196, CVE-2022-1529, CVE-2022-1802, CVE-2022-2200, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-24713, CVE-2022-2505, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917, CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34472, CVE-2022-34479, CVE-2022-34481, CVE-2022-34484, CVE-2022-36318, CVE-2022-36319, CVE-2022-38472, CVE-2022-38473, CVE-2022-38476, CVE-2022-38477, CVE-2022-38478, CVE-2022-40674, CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962, CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932, CVE-2022-43680, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421, CVE-2022-46871, CVE-2022-46872, CVE-2022-46874, CVE-2022-46877, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882, CVE-2023-1945, CVE-2023-1999, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746, CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176, CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541, CVE-2023-29548, CVE-2023-29550, CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32215, CVE-2023-34414, CVE-2023-34416, CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37208, CVE-2023-37211, CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585, CVE-2023-4863, CVE-2023-5129
IAVA: 2021-A-0405, 2021-A-0450-S, 2021-A-0461-S, 2021-A-0527-S, 2021-A-0569-S, 2022-A-0017-S, 2022-A-0079-S, 2022-A-0103-S, 2022-A-0134-S, 2022-A-0188-S, 2022-A-0190-S, 2022-A-0217-S, 2022-A-0226-S, 2022-A-0256-S, 2022-A-0298-S, 2022-A-0339-S, 2022-A-0384-S, 2022-A-0435-S, 2022-A-0491-S, 2022-A-0517-S, 2023-A-0048-S, 2023-A-0081-S, 2023-A-0132-S, 2023-A-0182-S, 2023-A-0242-S, 2023-A-0277-S, 2023-A-0328-S, 2023-A-0388-S, 2023-A-0449-S, 2023-A-0491-S