Open mpfcp opened 1 week ago
Hi @mpfcp thanks for your report, surely this false positive will be fixed through content, we will keep you updated after the analysis.
@sebasfalcone we probably have a translation conflict between T-0006 and T-0031 translations.
Just as additional information, it affects more than this specific CVE. It shows 103 CVEs for this up to date Firefox ESR. Some even as old as 2003,2007 and so on (that say they have been fixed since version 2.x.x of Firefox).
If this is due to the package's name, then the impact should be multiple, make sense.
The issue is related to the translations, we are classifying "Mozilla Firefox" and "Mozilla Firefox ESR" as the same package
I've updated the translations so Mozilla Firefox ESR packages aren't identified as Mozilla Firefox
Fix merged, waiting to release new translation.
Changes are already present on the offsets but they are not committed yet
Changes are already present on the offsets but they are not committed yet
Wazuh Manager: 4.8.0-1, Ubuntu 22.04.4 LTS Agent: v4.8.0, Microsoft Windows 11 Pro 10.0.22631.3737 Software: Mozilla Firefox ESR v115.12.0 (latest)
This affects all of our devices. The vulnerability detector says the devices are vulnerable to CVE-2024-0755. But according to that CVE only those versions are affected:
And our devices have Firefox ESR version 115.12.0 , so according to this list are not vulnerable.
Full Vulnerability Report Details:
Maybe it has something to do with having the german version of Firefox ESR installed, leading to the package name "Mozilla Firefox ESR (x64 de)" ?