| VID |
14238 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The remote system does not apply CESA-2019:1763 which is Firefox security update. The system which does not apply the update is affected by following multiple vulnerabilites:
- Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)
- Sandbox escape via installation of malicious language pack (CVE-2019-9811)
- Script injection within domain through inner window reuse (CVE-2019-11711)
- Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)
- Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
- HTML parsing error can contribute to content XSS (CVE-2019-11715)
- Caret character improperly escaped in origins (CVE-2019-11717)
- Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)
Note: This check solely relied on the Firefox RPM version of the remote system to assess this vulnerability, so this might be a false positive.
* References:
https://lists.centos.org/pipermail/centos-announce/2019-July/023365.html
* Platforms Affected:
CentOS Linux Server (v. 7) |
| Recommendation |
Update the affected packages.
Launch the graphical update tool through
System -> Administration -> Software Update
For a command line interface, use the following command to update the operating system:
# yum update |
| Related URL |
CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11730,CVE-2019-9811 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
