pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
43c7060749
vuln-list-alt/oval/p11/ALT-PU-2023-1974/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

183 lines
8.9 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20231974",
"Version": "oval:org.altlinux.errata:def:20231974",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-1974: package `firefox` update to version 114.0.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-1974",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-1974",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03125",
"RefURL": "https://bdu.fstec.ru/vul/2023-03125",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03196",
"RefURL": "https://bdu.fstec.ru/vul/2023-03196",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03197",
"RefURL": "https://bdu.fstec.ru/vul/2023-03197",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03198",
"RefURL": "https://bdu.fstec.ru/vul/2023-03198",
"Source": "BDU"
},
{
"RefID": "CVE-2023-34414",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34414",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34415",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34415",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34416",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34416",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34417",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34417",
"Source": "CVE"
}
],
"Description": "This update upgrades firefox to version 114.0.1-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03125: Уязвимость браузеров Mozilla Firefox и Firefox ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03196: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев пользовательского интерфейса, позволяющая нарушителю провести атаку типа clickjacking («захват клика»)\n\n * BDU:2023-03197: Уязвимость браузера Mozilla Firefox, связанная с переадресацией URL на ненадежный сайт, позволяющая нарушителю обойти ограничения безопасности и перенаправить пользователя на произвольный URL-адрес\n\n * BDU:2023-03198: Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2023-34414: The error page for sites with invalid TLS certificates was missing the\nactivation-delay Firefox uses to protect prompts and permission dialogs\nfrom attacks that exploit human response time delays. If a malicious\npage elicited user clicks in precise locations immediately before\nnavigating to a site with a certificate error and made the renderer\nextremely busy at the same time, it could create a gap between when\nthe error page was loaded and when the display actually refreshed.\nWith the right timing the elicited clicks could land in that gap and \nactivate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR \u003c 102.12, Firefox \u003c 114, and Thunderbird \u003c 102.12.\n\n * CVE-2023-34415: When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an \"open redirect\". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox \u003c 114.\n\n * CVE-2023-34416: Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 102.12, Firefox \u003c 114, and Thunderbird \u003c 102.12.\n\n\n\n * CVE-2023-34417: Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 114.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-06-11"
},
"Updated": {
"Date": "2023-06-11"
},
"BDUs": [
{
"ID": "BDU:2023-03125",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-03125",
"Impact": "High",
"Public": "20230606"
},
{
"ID": "BDU:2023-03196",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-451, CWE-1021",
"Href": "https://bdu.fstec.ru/vul/2023-03196",
"Impact": "Low",
"Public": "20230606"
},
{
"ID": "BDU:2023-03197",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-601",
"Href": "https://bdu.fstec.ru/vul/2023-03197",
"Impact": "Low",
"Public": "20230606"
},
{
"ID": "BDU:2023-03198",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2023-03198",
"Impact": "High",
"Public": "20230606"
}
],
"CVEs": [
{
"ID": "CVE-2023-34414",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34414",
"Impact": "Low",
"Public": "20230619"
},
{
"ID": "CVE-2023-34415",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34415",
"Impact": "Low",
"Public": "20230619"
},
{
"ID": "CVE-2023-34416",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34416",
"Impact": "Critical",
"Public": "20230619"
},
{
"ID": "CVE-2023-34417",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34417",
"Impact": "Critical",
"Public": "20230619"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20231974001",
"Comment": "firefox is earlier than 0:114.0.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20231974002",
"Comment": "firefox-config-privacy is earlier than 0:114.0.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink