Debian DSA-5026-1:firefox-esr - 安全更新

critical Nessus 插件 ID 156191

简介

远程 Debian 主机上缺少一个或多个与安全性相关的更新。

描述

远程 Debian 11 主机上安装的程序包受到 dsa-5026 公告中提及的多个漏洞影响。

- iframe 沙盒规则未正确应用到 XSLT 样式表,从而允许 iframe 绕过限制,例如执行脚本或浏览顶层框架。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-38503)

- 在设置 webkitdirectory 的情况下与 HTML 输入元素的文件选择器对话框交互时,可能会发生释放后使用,从而导致内存损坏以及可能遭受攻击的崩溃。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-38504)

- 通过一系列导航,Firefox 可在不通知或警告用户的情况下进入全屏模式。这可能导致对浏览器 UI 的欺骗攻击,包括钓鱼攻击。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-38506)

- HTTP2 (RFC 8164) 的机会性加密功能允许连接透明地升级到 TLS ,同时保留 HTTP 连接的可视化属性,包括与端口 80 上的未加密连接同源。但是,如果相同 IP 地址上的第二个加密端口(例如端口 8443)未选择加入机会性加密,网络攻击者可将浏览器到 443 端口的连接转发到 8443 端口,从而导致浏览器将 8443 端口的内容视为与 HTTP 同源。已通过禁用使用率较低的机会加密功能解决了此问题。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-38507)

- 若在收到显示权限提示(例如地理位置)的同时于正确位置显示表单有效性消息,则有效性消息可能已经掩盖提示,导致用户可能被诱骗授予权限。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-38508)

- 由于受攻击者控制的事件出现序列异常问题,包含任意(尽管无样式)内容的 Javascript alert() 对话框可显示在攻击者选择的不受控网页之上。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。
(CVE-2021-38509)

- Mozilla 开发人员和社区成员报告 Firefox 93 与 Firefox ESR 91.2 中存在内存安全错误。其中某些错误展示出内存损坏迹象,我们推测如果攻击者进行足够的尝试,则可以利用此漏洞运行任意代码。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 94 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-43534)

- 在其他线程上释放 HTTP2 会话对象时可能会发生释放后使用,从而导致内存损坏和可能遭到恶意利用的崩溃。此漏洞会影响版本低于 91.3 的 Firefox ESR、版本低于 93 的 Firefox 和版本低于 91.3 的 Thunderbird。(CVE-2021-43535)

- 在某些情况下,异步函数会导致导航失败,从而暴露目标 URL。此漏洞会影响版本低于 91.4.0 的 Thunderbird、版本低于 91.4.0 的 Firefox ESR 以及版本低于 95 的 Firefox。
(CVE-2021-43536)

- 从 64 位到 32 位整数大小的错误类型转换会允许攻击者损坏内存,从而导致主机可能因恶意利用漏洞发生崩溃。此漏洞会影响Thunderbird 91.4.0 之前版本、Firefox ESR 91.4.0 之前版本以及 Firefox 95 之前版本。(CVE-2021-43537)

- 通过滥用通知代码中的争用,攻击者可以强制隐藏已接收全屏和指针锁定访问的页面的通知,但此漏洞可能会被用于发动欺骗攻击。此漏洞会影响版本低于 91.4.0 的 Thunderbird、版本低于 91.4.0 的 Firefox ESR 以及版本低于 95 的 Firefox。
(CVE-2021-43538)

- 未能正确记录跨 wasm 实例调用的实时指针位置,这会导致未跟踪这些实时指针的调用内发生 GC。这会导造成释放后使用,从而导致可能会被利用的崩溃。此漏洞会影响版本低于 91.4.0 的 Thunderbird 以及版本低于 91.4.0 的 Firefox ESR。(CVE-2021-43539)

- 调用外部协议的协议处理程序时,未正确转义所提供的包含空格的参数 URL。此漏洞会影响版本低于 91.4.0 的 Thunderbird、版本低于 91.4.0 的 Firefox ESR 以及版本低于 95 的 Firefox。
(CVE-2021-43541)

- 使用 XMLHttpRequest 时,攻击者可通过探测错误消息来加载外部协议,从而识别已安装的应用程序。此漏洞会影响Thunderbird 91.4.0 之前版本、Firefox ESR 91.4.0 之前版本以及 Firefox 95 之前版本。(CVE-2021-43542)

- 使用 CSP 沙盒指令加载的文档可通过嵌入其他内容避开沙盒的脚本限制。此漏洞会影响Thunderbird 91.4.0 之前版本、Firefox ESR 91.4.0 之前版本以及 Firefox 95 之前版本。(CVE-2021-43543)

- 在循环中使用 Location API 会导致严重的应用程序挂起和崩溃。此漏洞会影响Thunderbird 91.4.0 之前版本、Firefox ESR 91.4.0 之前版本以及 Firefox 95 之前版本。(CVE-2021-43545)

- 可以使用经过缩放的本机光标重新创建之前针对用户的光标欺骗攻击。
此漏洞会影响Thunderbird 91.4.0 之前版本、Firefox ESR 91.4.0 之前版本以及 Firefox 95 之前版本。(CVE-2021-43546)

请注意,Nessus 尚未测试此问题,而是只依靠应用程序自我报告的版本号来判断。

解决方案

升级 firefox-esr 程序包。

对于稳定发行版本 (bullseye),这些问题已在 91.4.1esr-1~deb11u1 版本中修复。

另见

https://security-tracker.debian.org/tracker/source-package/firefox-esr

https://www.debian.org/security/2021/dsa-5026

https://security-tracker.debian.org/tracker/CVE-2021-38503

https://security-tracker.debian.org/tracker/CVE-2021-38504

https://security-tracker.debian.org/tracker/CVE-2021-38506

https://security-tracker.debian.org/tracker/CVE-2021-38507

https://security-tracker.debian.org/tracker/CVE-2021-38508

https://security-tracker.debian.org/tracker/CVE-2021-38509

https://security-tracker.debian.org/tracker/CVE-2021-43534

https://security-tracker.debian.org/tracker/CVE-2021-43535

https://security-tracker.debian.org/tracker/CVE-2021-43536

https://security-tracker.debian.org/tracker/CVE-2021-43537

https://security-tracker.debian.org/tracker/CVE-2021-43538

https://security-tracker.debian.org/tracker/CVE-2021-43539

https://security-tracker.debian.org/tracker/CVE-2021-43541

https://security-tracker.debian.org/tracker/CVE-2021-43542

https://security-tracker.debian.org/tracker/CVE-2021-43543

https://security-tracker.debian.org/tracker/CVE-2021-43545

https://security-tracker.debian.org/tracker/CVE-2021-43546

https://packages.debian.org/source/buster/firefox-esr

https://packages.debian.org/source/bullseye/firefox-esr

插件详情

严重性: Critical

ID: 156191

文件名: debian_DSA-5026.nasl

版本: 1.4

类型: local

代理: unix

发布时间: 2021/12/19

最近更新时间: 2022/3/17

支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

风险信息

VPR

风险因素: High

分数: 7.3

CVSS v2

风险因素: High

基本分数: 7.5

时间分数: 5.5

矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 分数来源: CVE-2021-38503

CVSS v3

风险因素: Critical

基本分数: 10

时间分数: 8.7

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: p-cpe:/a:debian:debian_linux:firefox-esr, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ach, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-af, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-all, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-an, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ar, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ast, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-az, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-be, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bg, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bn, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-br, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-bs, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ca-valencia, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cak, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cs, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-cy, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-da, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-de, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-dsb, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-el, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-ca, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-en-gb, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eo, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-ar, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-cl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-es, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-es-mx, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-et, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-eu, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fa, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ff, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fi, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fr, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-fy-nl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ga-ie, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gd, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gn, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-gu-in, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-he, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hi-in, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hr, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hsb, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hu, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-hy-am, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ia, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-id, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-is, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-it, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ja, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ka, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kab, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kk, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-km, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-kn, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ko, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lij, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lt, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-lv, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mk, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-mr, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ms, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-my, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nb-no, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ne-np, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-nn-no, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-oc, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pa-in, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-br, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-pt-pt, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-rm, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ro, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ru, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-si, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sk, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-son, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sq, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sr, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-sv-se, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ta, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-te, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-th, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tl, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-tr, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-trs, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uk, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-ur, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-uz, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-vi, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-xh, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-cn, p-cpe:/a:debian:debian_linux:firefox-esr-l10n-zh-tw, p-cpe:/a:debian:debian_linux:iceweasel, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ach, p-cpe:/a:debian:debian_linux:iceweasel-l10n-af, p-cpe:/a:debian:debian_linux:iceweasel-l10n-all, p-cpe:/a:debian:debian_linux:iceweasel-l10n-an, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ar, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ast, p-cpe:/a:debian:debian_linux:iceweasel-l10n-az, p-cpe:/a:debian:debian_linux:iceweasel-l10n-be, p-cpe:/a:debian:debian_linux:iceweasel-l10n-bg, p-cpe:/a:debian:debian_linux:iceweasel-l10n-bn, p-cpe:/a:debian:debian_linux:iceweasel-l10n-br, p-cpe:/a:debian:debian_linux:iceweasel-l10n-bs, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ca-valencia, p-cpe:/a:debian:debian_linux:iceweasel-l10n-cak, p-cpe:/a:debian:debian_linux:iceweasel-l10n-cs, p-cpe:/a:debian:debian_linux:iceweasel-l10n-cy, p-cpe:/a:debian:debian_linux:iceweasel-l10n-da, p-cpe:/a:debian:debian_linux:iceweasel-l10n-de, p-cpe:/a:debian:debian_linux:iceweasel-l10n-dsb, p-cpe:/a:debian:debian_linux:iceweasel-l10n-el, p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-ca, p-cpe:/a:debian:debian_linux:iceweasel-l10n-en-gb, p-cpe:/a:debian:debian_linux:iceweasel-l10n-eo, p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-ar, p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-cl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-es, p-cpe:/a:debian:debian_linux:iceweasel-l10n-es-mx, p-cpe:/a:debian:debian_linux:iceweasel-l10n-et, p-cpe:/a:debian:debian_linux:iceweasel-l10n-eu, p-cpe:/a:debian:debian_linux:iceweasel-l10n-fa, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ff, p-cpe:/a:debian:debian_linux:iceweasel-l10n-fi, p-cpe:/a:debian:debian_linux:iceweasel-l10n-fr, p-cpe:/a:debian:debian_linux:iceweasel-l10n-fy-nl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ga-ie, p-cpe:/a:debian:debian_linux:iceweasel-l10n-gd, p-cpe:/a:debian:debian_linux:iceweasel-l10n-gl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-gn, p-cpe:/a:debian:debian_linux:iceweasel-l10n-gu-in, p-cpe:/a:debian:debian_linux:iceweasel-l10n-he, p-cpe:/a:debian:debian_linux:iceweasel-l10n-hi-in, p-cpe:/a:debian:debian_linux:iceweasel-l10n-hr, p-cpe:/a:debian:debian_linux:iceweasel-l10n-hsb, p-cpe:/a:debian:debian_linux:iceweasel-l10n-hu, p-cpe:/a:debian:debian_linux:iceweasel-l10n-hy-am, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ia, p-cpe:/a:debian:debian_linux:iceweasel-l10n-id, p-cpe:/a:debian:debian_linux:iceweasel-l10n-is, p-cpe:/a:debian:debian_linux:iceweasel-l10n-it, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ja, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ka, p-cpe:/a:debian:debian_linux:iceweasel-l10n-kab, p-cpe:/a:debian:debian_linux:iceweasel-l10n-kk, p-cpe:/a:debian:debian_linux:iceweasel-l10n-km, p-cpe:/a:debian:debian_linux:iceweasel-l10n-kn, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ko, p-cpe:/a:debian:debian_linux:iceweasel-l10n-lij, p-cpe:/a:debian:debian_linux:iceweasel-l10n-lt, p-cpe:/a:debian:debian_linux:iceweasel-l10n-lv, p-cpe:/a:debian:debian_linux:iceweasel-l10n-mk, p-cpe:/a:debian:debian_linux:iceweasel-l10n-mr, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ms, p-cpe:/a:debian:debian_linux:iceweasel-l10n-my, p-cpe:/a:debian:debian_linux:iceweasel-l10n-nb-no, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ne-np, p-cpe:/a:debian:debian_linux:iceweasel-l10n-nl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-nn-no, p-cpe:/a:debian:debian_linux:iceweasel-l10n-oc, p-cpe:/a:debian:debian_linux:iceweasel-l10n-pa-in, p-cpe:/a:debian:debian_linux:iceweasel-l10n-pl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-br, p-cpe:/a:debian:debian_linux:iceweasel-l10n-pt-pt, p-cpe:/a:debian:debian_linux:iceweasel-l10n-rm, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ro, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ru, p-cpe:/a:debian:debian_linux:iceweasel-l10n-si, p-cpe:/a:debian:debian_linux:iceweasel-l10n-sk, p-cpe:/a:debian:debian_linux:iceweasel-l10n-sl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-son, p-cpe:/a:debian:debian_linux:iceweasel-l10n-sq, p-cpe:/a:debian:debian_linux:iceweasel-l10n-sr, p-cpe:/a:debian:debian_linux:iceweasel-l10n-sv-se, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ta, p-cpe:/a:debian:debian_linux:iceweasel-l10n-te, p-cpe:/a:debian:debian_linux:iceweasel-l10n-th, p-cpe:/a:debian:debian_linux:iceweasel-l10n-tl, p-cpe:/a:debian:debian_linux:iceweasel-l10n-tr, p-cpe:/a:debian:debian_linux:iceweasel-l10n-trs, p-cpe:/a:debian:debian_linux:iceweasel-l10n-uk, p-cpe:/a:debian:debian_linux:iceweasel-l10n-ur, p-cpe:/a:debian:debian_linux:iceweasel-l10n-uz, p-cpe:/a:debian:debian_linux:iceweasel-l10n-vi, p-cpe:/a:debian:debian_linux:iceweasel-l10n-xh, p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-cn, p-cpe:/a:debian:debian_linux:iceweasel-l10n-zh-tw, cpe:/o:debian:debian_linux:11.0

必需的 KB 项: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

易利用性: No known exploits are available

补丁发布日期: 2021/12/19

漏洞发布日期: 2021/10/5

参考资料信息

CVE: CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546

IAVA: 2021-A-0527-S, 2021-A-0569-S