Test ID: | 1.3.6.1.4.1.25623.1.0.851523 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2017:0690-1) |
Summary: | The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory.

Vulnerability Insight: This update for MozillaFirefox and mozilla-nss fixes the following issues:

MozillaFirefox was updated to Firefox 52.0 (boo#1028391)
* requires NSS = 3.28.3
* Pages containing insecure password fields now display a warning directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight, Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by trackers
* MFSA 2017-05
  CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
  CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
  CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
  CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
  CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
  CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
  CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
  CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
  CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
  CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
  CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
  CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
  CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
  CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
  CVE-2017-5417: Addressbar spoofing by dragging and dropping URLs (bmo#791597)
  CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
  CVE-2017-5427: Non-existent chrome.manifest file loaded during startup (bmo#1295542)
  CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
  CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
  CVE-2017-5420: Javascript: URLs can obfuscate addressbar location (bmo#1284395)
  CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
  CVE-2017-5421: Print preview spoofing (bmo#1301876)
  CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
  CVE-2017-5399: Memory safety bugs fixed in Firefox 52
  CVE-2017-5398 ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: MozillaFirefox, on openSUSE Leap 42.2, openSUSE Leap 42.1

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-5398
  BugTraq ID: 96651
  http://www.securityfocus.com/bid/96651
  Debian Security Information: DSA-3805
  https://www.debian.org/security/2017/dsa-3805
  Debian Security Information: DSA-3832
  https://www.debian.org/security/2017/dsa-3832
  https://security.gentoo.org/glsa/201705-06
  https://security.gentoo.org/glsa/201705-07
  RedHat Security Advisories: RHSA-2017:0459
  http://rhn.redhat.com/errata/RHSA-2017-0459.html
  RedHat Security Advisories: RHSA-2017:0461
  http://rhn.redhat.com/errata/RHSA-2017-0461.html
  RedHat Security Advisories: RHSA-2017:0498
  http://rhn.redhat.com/errata/RHSA-2017-0498.html
  http://www.securitytracker.com/id/1037966
Common Vulnerability Exposure (CVE) ID: CVE-2017-5399
  BugTraq ID: 96692
  http://www.securityfocus.com/bid/96692
Common Vulnerability Exposure (CVE) ID: CVE-2017-5400
  BugTraq ID: 96654
  http://www.securityfocus.com/bid/96654
Common Vulnerability Exposure (CVE) ID: CVE-2017-5401
  BugTraq ID: 96677
  http://www.securityfocus.com/bid/96677
Common Vulnerability Exposure (CVE) ID: CVE-2017-5402
  BugTraq ID: 96664
  http://www.securityfocus.com/bid/96664
Common Vulnerability Exposure (CVE) ID: CVE-2017-5403
  BugTraq ID: 96691
  http://www.securityfocus.com/bid/96691
Common Vulnerability Exposure (CVE) ID: CVE-2017-5404
  https://www.exploit-db.com/exploits/41660/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5405
  BugTraq ID: 96693
  http://www.securityfocus.com/bid/96693
Common Vulnerability Exposure (CVE) ID: CVE-2017-5406
Common Vulnerability Exposure (CVE) ID: CVE-2017-5407
Common Vulnerability Exposure (CVE) ID: CVE-2017-5408
Common Vulnerability Exposure (CVE) ID: CVE-2017-5410
Common Vulnerability Exposure (CVE) ID: CVE-2017-5412
Common Vulnerability Exposure (CVE) ID: CVE-2017-5413
Common Vulnerability Exposure (CVE) ID: CVE-2017-5414
Common Vulnerability Exposure (CVE) ID: CVE-2017-5415
Common Vulnerability Exposure (CVE) ID: CVE-2017-5416
Common Vulnerability Exposure (CVE) ID: CVE-2017-5417
Common Vulnerability Exposure (CVE) ID: CVE-2017-5418
Common Vulnerability Exposure (CVE) ID: CVE-2017-5419
Common Vulnerability Exposure (CVE) ID: CVE-2017-5420
Common Vulnerability Exposure (CVE) ID: CVE-2017-5421
Common Vulnerability Exposure (CVE) ID: CVE-2017-5422
Common Vulnerability Exposure (CVE) ID: CVE-2017-5426
  BugTraq ID: 96694
  http://www.securityfocus.com/bid/96694
Common Vulnerability Exposure (CVE) ID: CVE-2017-5427 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |