The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4062 advisory.

  - Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

  - Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)

  - Mozilla: Fullscreen notification obscured (CVE-2023-37207)

  - Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

  - Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13     (CVE-2023-37211)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4064 advisory.

  - Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

  - Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)

  - Mozilla: Fullscreen notification obscured (CVE-2023-37207)

  - Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

  - Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13     (CVE-2023-37211)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4079 advisory.

  - Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

  - Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)

  - Mozilla: Fullscreen notification obscured (CVE-2023-37207)

  - Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

  - Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13     (CVE-2023-37211)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6227-1 advisory.

  - Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to     be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115,     Firefox ESR < 102.13, and Thunderbird < 102.13. (CVE-2023-37202)

  - Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and     Thunderbird < 102.13. (CVE-2023-37211)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4062 advisory.

  - Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and     Thunderbird < 102.13. (CVE-2023-37211)

  - A website could have obscured the fullscreen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
    (CVE-2023-37207)

  - Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to     be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115,     Firefox ESR < 102.13, and Thunderbird < 102.13. (CVE-2023-37202)

  - An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
    This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. (CVE-2023-37201)

  - When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
    This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. (CVE-2023-37208)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
178247	RHEL 7 : thunderbird (RHSA-2023:4062)	Nessus	Red Hat Local Security Checks	7/13/2023	4/28/2024	high
178248	RHEL 9 : thunderbird (RHSA-2023:4064)	Nessus	Red Hat Local Security Checks	7/13/2023	4/28/2024	high
178259	RHEL 7 : firefox (RHSA-2023:4079)	Nessus	Red Hat Local Security Checks	7/13/2023	4/28/2024	high
178260	Ubuntu 22.04 LTS / 23.04 : SpiderMonkey vulnerabilities (USN-6227-1)	Nessus	Ubuntu Local Security Checks	7/13/2023	10/23/2023	high
178327	Oracle Linux 7 : thunderbird (ELSA-2023-4062)	Nessus	Oracle Linux Local Security Checks	7/17/2023	7/27/2023	high
190759	GLSA-202402-25 : Mozilla Thunderbird: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	2/20/2024	2/20/2024	critical

Detections

Analytics

Plugins Search

high

high

high

high

high

critical