Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.851523
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2017:0690-1)
Summary:The remote host is missing an update for the 'MozillaFirefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for MozillaFirefox and mozilla-nss fixes the following issues:

MozillaFirefox was updated to Firefox 52.0 (boo#1028391)

* requires NSS = 3.28.3

* Pages containing insecure password fields now display a warning
directly within username and password fields.

* Send and open a tab from one device to another with Sync

* Removed NPAPI support for plugins other than Flash. Silverlight, Java,
Acrobat and the like are no longer supported.

* Removed Battery Status API to reduce fingerprinting of users by
trackers

* MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933) CVE-2017-5401: Memory Corruption when handling
ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with
events in FontFace
objects (bmo#1334876) CVE-2017-5403: Use-after-free
using addRange to add range to an incorrect root object (bmo#1340186)
CVE-2017-5404: Use-after-free working with ranges in selections
(bmo#1340138) CVE-2017-5406: Segmentation fault in Skia with canvas
operations (bmo#1306890) CVE-2017-5407: Pixel and history stealing via
floating-point timing side channel with SVG filters (bmo#1336622)
CVE-2017-5410: Memory corruption during JavaScript garbage collection
incremental sweeping (bmo#1330687) CVE-2017-5408: Cross-origin reading of
video captions in violation
of CORS (bmo#1313711) CVE-2017-5412: Buffer overflow
read in SVG filters (bmo#1328323) CVE-2017-5413: Segmentation fault during
bidirectional operations (bmo#1337504) CVE-2017-5414: File picker can
choose incorrect default directory (bmo#1319370) CVE-2017-5415: Addressbar
spoofing through blob URL (bmo#1321719) CVE-2017-5416: Null dereference
crash in HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar spoofing by
dragging and dropping URLs (bmo#791597) CVE-2017-5426: Gecko Media Plugin
sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
CVE-2017-5427: Non-existent chrome.manifest file loaded during startup
(bmo#1295542) CVE-2017-5418: Out of bounds read when parsing HTTP digest
authorization responses (bmo#1338876) CVE-2017-5419: Repeated
authentication prompts lead to DOS attack (bmo#1312243) CVE-2017-5420:
Javascript: URLs can obfuscate addressbar location (bmo#1284395)
CVE-2017-5405: FTP response codes can cause use of uninitialized values
for ports (bmo#1336699) CVE-2017-5421: Print preview spoofing
(bmo#1301876) CVE-2017-5422: DOS attack by using view-source: protocol
repeatedly in one hyperlink (bmo#1295002) CVE-2017-5399: Memory safety
bugs fixed in Firefox 52 CVE-2017-5398 ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
MozillaFirefox, on openSUSE Leap 42.2, openSUSE Leap 42.1

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-5398
BugTraq ID: 96651
http://www.securityfocus.com/bid/96651
Debian Security Information: DSA-3805 (Google Search)
https://www.debian.org/security/2017/dsa-3805
Debian Security Information: DSA-3832 (Google Search)
https://www.debian.org/security/2017/dsa-3832
https://security.gentoo.org/glsa/201705-06
https://security.gentoo.org/glsa/201705-07
RedHat Security Advisories: RHSA-2017:0459
http://rhn.redhat.com/errata/RHSA-2017-0459.html
RedHat Security Advisories: RHSA-2017:0461
http://rhn.redhat.com/errata/RHSA-2017-0461.html
RedHat Security Advisories: RHSA-2017:0498
http://rhn.redhat.com/errata/RHSA-2017-0498.html
http://www.securitytracker.com/id/1037966
Common Vulnerability Exposure (CVE) ID: CVE-2017-5399
BugTraq ID: 96692
http://www.securityfocus.com/bid/96692
Common Vulnerability Exposure (CVE) ID: CVE-2017-5400
BugTraq ID: 96654
http://www.securityfocus.com/bid/96654
Common Vulnerability Exposure (CVE) ID: CVE-2017-5401
BugTraq ID: 96677
http://www.securityfocus.com/bid/96677
Common Vulnerability Exposure (CVE) ID: CVE-2017-5402
BugTraq ID: 96664
http://www.securityfocus.com/bid/96664
Common Vulnerability Exposure (CVE) ID: CVE-2017-5403
BugTraq ID: 96691
http://www.securityfocus.com/bid/96691
Common Vulnerability Exposure (CVE) ID: CVE-2017-5404
https://www.exploit-db.com/exploits/41660/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5405
BugTraq ID: 96693
http://www.securityfocus.com/bid/96693
Common Vulnerability Exposure (CVE) ID: CVE-2017-5406
Common Vulnerability Exposure (CVE) ID: CVE-2017-5407
Common Vulnerability Exposure (CVE) ID: CVE-2017-5408
Common Vulnerability Exposure (CVE) ID: CVE-2017-5410
Common Vulnerability Exposure (CVE) ID: CVE-2017-5412
Common Vulnerability Exposure (CVE) ID: CVE-2017-5413
Common Vulnerability Exposure (CVE) ID: CVE-2017-5414
Common Vulnerability Exposure (CVE) ID: CVE-2017-5415
Common Vulnerability Exposure (CVE) ID: CVE-2017-5416
Common Vulnerability Exposure (CVE) ID: CVE-2017-5417
Common Vulnerability Exposure (CVE) ID: CVE-2017-5418
Common Vulnerability Exposure (CVE) ID: CVE-2017-5419
Common Vulnerability Exposure (CVE) ID: CVE-2017-5420
Common Vulnerability Exposure (CVE) ID: CVE-2017-5421
Common Vulnerability Exposure (CVE) ID: CVE-2017-5422
Common Vulnerability Exposure (CVE) ID: CVE-2017-5426
BugTraq ID: 96694
http://www.securityfocus.com/bid/96694
Common Vulnerability Exposure (CVE) ID: CVE-2017-5427
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.