Description: | Summary: The remote host is missing an update for the 'Mozilla' package(s) announced via the referenced advisory.
Vulnerability Insight: MozillaFirefox has been updated to version 31.5.0 ESR to fix five security issues.
These security issues have been fixed:
* CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
* CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597).
* CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
* CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597).
* CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597).
Affected Software/OS: Mozilla on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|