wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Vulnerability Detector false positives for "Mozilla Firefox ESR" #24168

Open mpfcp opened 1 week ago

mpfcp commented 1 week ago

Wazuh Manager: 4.8.0-1, Ubuntu 22.04.4 LTS
Agent: v4.8.0, Microsoft Windows 11 Pro 10.0.22631.3737
Software: Mozilla Firefox ESR v115.12.0 (latest)

This affects all of our devices. The vulnerability detector says the devices are vulnerable to CVE-2024-0755. But according to that CVE only those versions are affected: [image]

And our devices have Firefox ESR version 115.12.0, so according to this list are not vulnerable.

Full Vulnerability Report Details: [image: wazuh_false_positive_ff_esr]

Maybe it has something to do with having the German version of Firefox ESR installed, leading to the package name "Mozilla Firefox ESR (x64 de)"?

Dwordcito commented 1 week ago

Hi @mpfcp, thanks for your report. Surely this false positive will be fixed through content; we will keep you updated after the analysis.

@sebasfalcone we probably have a translation conflict between T-0006 and T-0031 translations.

mpfcp commented 1 week ago

Just as additional information, it affects more than this specific CVE. It shows 103 CVEs for this up-to-date Firefox ESR. Some even as old as 2003, 2007 and so on (that say they have been fixed since version 2.x.x of Firefox).

Dwordcito commented 1 week ago

If this is due to the package's name, then the impact should be multiple, makes sense.

sebasfalcone commented 1 week ago

Investigation

The issue is related to the translations: we are classifying "Mozilla Firefox" and "Mozilla Firefox ESR" as the same package.

sebasfalcone commented 1 week ago

Update

I've updated the translations so Mozilla Firefox ESR packages aren't identified as Mozilla Firefox.
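
An added illustration of the misclassification discussed in the comments above; it is not part of the thread and is not Wazuh's code or content format. The rule layout, product keys and the `CVE-SAMPLE-0001` fix versions are constructed assumptions; only the package name and version come from the report.

```python
import re

# Hypothetical translation rules: inventory package name -> canonical product
# used for CVE matching. This is NOT Wazuh's real translation format.
LOOSE_RULES = [(re.compile(r"^Mozilla Firefox\b"), "firefox")]
FIXED_RULES = [
    (re.compile(r"^Mozilla Firefox ESR\b"), "firefox_esr"),  # most specific first
    (re.compile(r"^Mozilla Firefox\b"), "firefox"),
]

# Constructed advisory data: first fixed version per product for a sample CVE.
FIXED_IN = {"CVE-SAMPLE-0001": {"firefox": "122.0", "firefox_esr": "115.7.0"}}


def translate(name, rules):
    """Return the canonical product of the first matching rule, or None."""
    for pattern, product in rules:
        if pattern.search(name):
            return product
    return None


def matching_products(name, rules):
    """All products whose rule matches; more than one means rule order matters."""
    return [product for pattern, product in rules if pattern.search(name)]


def parse_version(text):
    """Turn '115.12.0' into (115, 12, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(name, version, cve, rules):
    """Flag the package if its version is below the fix for its translated product."""
    fixed = FIXED_IN[cve].get(translate(name, rules))
    return fixed is not None and parse_version(version) < parse_version(fixed)


if __name__ == "__main__":
    name, version = "Mozilla Firefox ESR (x64 de)", "115.12.0"  # from the report
    for label, rules in (("loose", LOOSE_RULES), ("fixed", FIXED_RULES)):
        print(label, translate(name, rules),
              is_vulnerable(name, version, "CVE-SAMPLE-0001", rules))
```

With the loose rule the ESR build is compared against the regular release line's fix version and is flagged; with the ESR-specific rule placed first it is compared against its own line and is not.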

Dwordcito commented 1 week ago

Fix merged, waiting to release new translation.

sebasfalcone commented 1 week ago

Update

Changes are already present on the offsets but they are not committed yet.

sebasfalcone commented 5 days ago

Update

Changes are already present on the offsets but they are not committed yet.