
Test ID: 1.3.6.1.4.1.25623.1.0.851687
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2018:0203-1)
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
This update for MozillaFirefox fixes the following issues:

- update to Firefox 52.6esr (boo#1077291)

MFSA 2018-01

* Speculative execution side-channel attack ('Spectre')

MFSA 2018-03

* CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers

* CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during
edge builder allocation

* CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements

* CVE-2018-5097 (bmo#1387427) Use-after-free when source document is
manipulated during XSLT

* CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form
input elements

* CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener

* CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements

* CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling

* CVE-2018-5104 (bmo#1425000) Use-after-free during font face
manipulation

* CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text
aligned left-to-right

* CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR
52.6

- Added additional patches and configurations to fix builds on s390 and
PowerPC.

* Added firefox-glibc-getrandom.patch affecting builds on s390 and
PowerPC

* Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian
ICU data file for running Firefox on bigendian architectures
(bmo#1322212 and bmo#1264836)

* Added mozilla-s390-nojit.patch to enable atomic operations used by the
JS engine when JIT is disabled on s390

* Build configuration options specific to s390

* Requires NSS = 3.29.5

Affected Software/OS:
MozillaFirefox on openSUSE Leap 42.3, openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-5089
BugTraq ID: 102783
http://www.securityfocus.com/bid/102783
Debian Security Information: DSA-4096
https://www.debian.org/security/2018/dsa-4096
Debian Security Information: DSA-4102
https://www.debian.org/security/2018/dsa-4102
https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html
RedHat Security Advisories: RHSA-2018:0122
https://access.redhat.com/errata/RHSA-2018:0122
RedHat Security Advisories: RHSA-2018:0262
https://access.redhat.com/errata/RHSA-2018:0262
http://www.securitytracker.com/id/1040270
https://usn.ubuntu.com/3544-1/
https://usn.ubuntu.com/3688-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-5091
Common Vulnerability Exposure (CVE) ID: CVE-2018-5095
Common Vulnerability Exposure (CVE) ID: CVE-2018-5096
BugTraq ID: 102771
http://www.securityfocus.com/bid/102771
Common Vulnerability Exposure (CVE) ID: CVE-2018-5097
Common Vulnerability Exposure (CVE) ID: CVE-2018-5098
Common Vulnerability Exposure (CVE) ID: CVE-2018-5099
Common Vulnerability Exposure (CVE) ID: CVE-2018-5102
Common Vulnerability Exposure (CVE) ID: CVE-2018-5103
Common Vulnerability Exposure (CVE) ID: CVE-2018-5104
Common Vulnerability Exposure (CVE) ID: CVE-2018-5117
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
