Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.850597 |
Categoría: | SuSE Local Security Checks |
Título: | openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2014:0939-1) |
Resumen: | The remote host is missing an update for the 'MozillaFirefox'; package(s) announced via the referenced advisory. |
Descripción: | Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory. Vulnerability Insight: MozillaFirefox was updated to version 31 to fix various security issues and bugs: * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web Audio buffering for playback * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due to incorrect control message ordering * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog customization event spoofing * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973, bmo#1026022, bmo#997795) Certificate parsing broken by non-standard character encoding * MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin access through redirect Mozilla-nss was updated to 3.16.3: New Functions: * CERT_GetGeneralNameTypeFromString (This function was already added in NSS 3.16.2, however, it wasn't declared in a public header file.) Notable Changes: * The following 1024-bit CA certificates were removed - Entrust.net Secure Server Certification Authority - GTE CyberTrust Global Root - ValiCert Class 1 Policy Validation Authority - ValiCert Class 2 Policy Validation Authority - ValiCert Class 3 Policy Validation Authority * Additionally, the following CA certificate was removed as requested by the CA: - TDC Internet Root CA * The following CA certificates were added: - Certification Authority of WoSign - CA - DigiCert Assured ID Root G2 - DigiCert Assured ID Root G3 - DigiCert Global Root G2 - DigiCert Global Root G3 - DigiCert Trusted Root G4 - QuoVadis Root CA 1 G3 - QuoVadis Root CA 2 G3 - QuoVadis Root CA 3 G3 * The Trust Bits were changed for the following CA certificates - Class 3 Public Primary Certification Authority - Class 3 Public Primary Certification Authority - Class 2 Public Primary Certification Authority - G2 - VeriSign Class 2 Public Primary Certification Authority - G3 - AC Raz Certicmara S.A. - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado changes in 3.16.2 New functi ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: MozillaFirefox on openSUSE 13.1, openSUSE 12.3 Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1544 BugTraq ID: 68816 http://www.securityfocus.com/bid/68816 Debian Security Information: DSA-2986 (Google Search) http://www.debian.org/security/2014/dsa-2986 Debian Security Information: DSA-2996 (Google Search) http://www.debian.org/security/2014/dsa-2996 https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1030617 http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 Common Vulnerability Exposure (CVE) ID: CVE-2014-1547 BugTraq ID: 68811 http://www.securityfocus.com/bid/68811 http://www.securitytracker.com/id/1030619 http://www.securitytracker.com/id/1030620 http://secunia.com/advisories/60306 Common Vulnerability Exposure (CVE) ID: CVE-2014-1548 BugTraq ID: 68818 http://www.securityfocus.com/bid/68818 Common Vulnerability Exposure (CVE) ID: CVE-2014-1549 BugTraq ID: 68820 http://www.securityfocus.com/bid/68820 Common Vulnerability Exposure (CVE) ID: CVE-2014-1550 Common Vulnerability Exposure (CVE) ID: CVE-2014-1552 Common Vulnerability Exposure (CVE) ID: CVE-2014-1555 BugTraq ID: 68814 http://www.securityfocus.com/bid/68814 Common Vulnerability Exposure (CVE) ID: CVE-2014-1556 BugTraq ID: 68822 http://www.securityfocus.com/bid/68822 Common Vulnerability Exposure (CVE) ID: CVE-2014-1557 BugTraq ID: 68824 http://www.securityfocus.com/bid/68824 Common Vulnerability Exposure (CVE) ID: CVE-2014-1558 Common Vulnerability Exposure (CVE) ID: CVE-2014-1559 Common Vulnerability Exposure (CVE) ID: CVE-2014-1560 Common Vulnerability Exposure (CVE) ID: CVE-2014-1561 |
Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |