
Test ID: 1.3.6.1.4.1.25623.1.0.811848
Category: General
Title: Mozilla Firefox Security Update (mfsa_2017-21_2017-22) - Windows
Summary: Mozilla Firefox is prone to multiple vulnerabilities.
Description:
Summary:
Mozilla Firefox is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Use-after-free error with Fetch API.

- Firefox for Android address bar spoofing through full screen mode.

- Use-after-free error during ARIA array manipulation.

- Use-after-free error while resizing images in design mode.

- Buffer overflow error when drawing and validating elements with ANGLE.

- Use-after-free error in TLS 1.2 generating handshake hashes.

- Drag and drop of malicious page content to the tab bar can open locally stored files.

- Blob and data URLs bypass phishing and malware protection warnings.

- Integer truncation in the JavaScript parser.

- OS X fonts render some Tibetan and Arabic Unicode characters as spaces.

- Spoofing attack with modal dialogs on non-e10s installations.

- Web Extensions can load about: URLs in extension UI.

- Web Extensions can download and open non-executable files without user interaction.

- CSP sandbox directive did not create a unique origin.

- Web Crypto allows AES-GCM with 0-length IV.

- Xray wrapper bypass with new tab and web console.

- Memory safety bugs fixed in Firefox 56.

Vulnerability Impact:
Successful exploitation of these vulnerabilities will allow remote attackers to cause denial of service, conduct spoofing attacks, obtain sensitive information and execute arbitrary code.

Affected Software/OS:
Mozilla Firefox versions before 56.0.

Solution:
Update to version 56.0 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference:
BugTraq ID: 101055
BugTraq ID: 101053
BugTraq ID: 101059
BugTraq ID: 101057
BugTraq ID: 101054
Common Vulnerability Exposure (CVE) ID: CVE-2017-7793
http://www.securityfocus.com/bid/101055
Debian Security Information: DSA-3987
https://www.debian.org/security/2017/dsa-3987
Debian Security Information: DSA-4014
https://www.debian.org/security/2017/dsa-4014
https://security.gentoo.org/glsa/201803-14
https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
RedHat Security Advisories: RHSA-2017:2831
https://access.redhat.com/errata/RHSA-2017:2831
RedHat Security Advisories: RHSA-2017:2885
https://access.redhat.com/errata/RHSA-2017:2885
http://www.securitytracker.com/id/1039465
Common Vulnerability Exposure (CVE) ID: CVE-2017-7818
Common Vulnerability Exposure (CVE) ID: CVE-2017-7819
Common Vulnerability Exposure (CVE) ID: CVE-2017-7824
http://www.securityfocus.com/bid/101053
Common Vulnerability Exposure (CVE) ID: CVE-2017-7805
http://www.securityfocus.com/bid/101059
Debian Security Information: DSA-3998
https://www.debian.org/security/2017/dsa-3998
RedHat Security Advisories: RHSA-2017:2832
https://access.redhat.com/errata/RHSA-2017:2832
Common Vulnerability Exposure (CVE) ID: CVE-2017-7812
http://www.securityfocus.com/bid/101057
Common Vulnerability Exposure (CVE) ID: CVE-2017-7814
Common Vulnerability Exposure (CVE) ID: CVE-2017-7813
Common Vulnerability Exposure (CVE) ID: CVE-2017-7815
Common Vulnerability Exposure (CVE) ID: CVE-2017-7816
Common Vulnerability Exposure (CVE) ID: CVE-2017-7821
Common Vulnerability Exposure (CVE) ID: CVE-2017-7823
Common Vulnerability Exposure (CVE) ID: CVE-2017-7822
Common Vulnerability Exposure (CVE) ID: CVE-2017-7820
Common Vulnerability Exposure (CVE) ID: CVE-2017-7811
Common Vulnerability Exposure (CVE) ID: CVE-2017-7810
http://www.securityfocus.com/bid/101054
https://usn.ubuntu.com/3688-1/
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.