Description:
Summary: The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2014:0248-2 advisory.
Vulnerability Insight: Mozilla Firefox was updated to the 24.3.0ESR security release.
The following security issues have been fixed:
* MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477) (bnc#862345)
* MFSA 2014-02: Using XBL scopes it's possible to steal (clone) native anonymous content (CVE-2014-1479) (bnc#862348)
* MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480)
* MFSA 2014-04: Image decoding causing Firefox to crash with Goo Create (CVE-2014-1482) (bnc#862356)
* MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483) (bnc#862360)
* MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484)
* MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485)
* MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486)
* MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487)
* MFSA 2014-10: settings & history ID bug (CVE-2014-1489)
* MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488)
* MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490) (bnc#862300); do not allow p-1 as a public DH value (CVE-2014-1491) (bnc#862289)
* MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481) (bnc#862309)
Mozilla NSS was also updated to the 3.15.4 release:
* required for Firefox 27
* regular CA root store update (1.96)
* some OCSP improvements
* other bugfixes
Security Issue references:
* CVE-2014-1477
* CVE-2014-1479
* CVE-2014-1480
* CVE-2014-1481
* CVE-2014-1482
* CVE-2014-1483
* CVE-2014-1484
* CVE-2014-1485
* CVE-2014-1486
* CVE-2014-1487
* CVE-2014-1488
* CVE-2014-1489
* CVE-2014-1490
* CVE-2014-1491
Affected Software/OS: 'Mozilla Firefox' package(s) on SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2.
Solution: Please install the updated package(s).
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C