Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.851687 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2018:0203-1) |
Summary: | The remote host is missing an update for the 'MozillaFirefox'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory. Vulnerability Insight: This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr (boo#1077291) MFSA 2018-01 * Speculative execution side-channel attack ('Spectre') MFSA 2018-03 * CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 - Added additional patches and configurations to fix builds on s390 and PowerPC. * Added firefox-glibc-getrandom.patch effecting builds on s390 and PowerPC * Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian ICU data file for running Firefox on bigendian architectures (bmo#1322212 and bmo#1264836) * Added mozilla-s390-nojit.patch to enable atomic operations used by the JS engine when JIT is disabled on s390 * Build configuration options specific to s390 * Requires NSS = 3.29.5 Affected Software/OS: MozillaFirefox on openSUSE Leap 42.3, openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-5089 BugTraq ID: 102783 http://www.securityfocus.com/bid/102783 Debian Security Information: DSA-4096 (Google Search) https://www.debian.org/security/2018/dsa-4096 Debian Security Information: DSA-4102 (Google Search) https://www.debian.org/security/2018/dsa-4102 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html RedHat Security Advisories: RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0122 RedHat Security Advisories: RHSA-2018:0262 https://access.redhat.com/errata/RHSA-2018:0262 http://www.securitytracker.com/id/1040270 https://usn.ubuntu.com/3544-1/ https://usn.ubuntu.com/3688-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5091 Common Vulnerability Exposure (CVE) ID: CVE-2018-5095 Common Vulnerability Exposure (CVE) ID: CVE-2018-5096 BugTraq ID: 102771 http://www.securityfocus.com/bid/102771 Common Vulnerability Exposure (CVE) ID: CVE-2018-5097 Common Vulnerability Exposure (CVE) ID: CVE-2018-5098 Common Vulnerability Exposure (CVE) ID: CVE-2018-5099 Common Vulnerability Exposure (CVE) ID: CVE-2018-5102 Common Vulnerability Exposure (CVE) ID: CVE-2018-5103 Common Vulnerability Exposure (CVE) ID: CVE-2018-5104 Common Vulnerability Exposure (CVE) ID: CVE-2018-5117 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |