Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0006
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0006)
Summary:	The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts, thunderbird, thunderbird-l10n, thunderbird-lightning' package(s) announced via the MGASA-2014-0006 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nss, rootcerts, thunderbird, thunderbird-l10n, thunderbird-lightning' package(s) announced via the MGASA-2014-0006 advisory. Vulnerability Insight: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613). It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted (MFSA 2013-117). The rootcerts and nss packages have been updated to fix the MFSA 2013-117 issue. The thunderbird-lightning package has been updated to a version that is compatible with the updated thunderbird. Affected Software/OS: 'firefox, firefox-l10n, nss, rootcerts, thunderbird, thunderbird-l10n, thunderbird-lightning' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5609 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html https://security.gentoo.org/glsa/201504-01 RedHat Security Advisories: RHSA-2013:1812 http://rhn.redhat.com/errata/RHSA-2013-1812.html http://www.securitytracker.com/id/1029470 http://www.securitytracker.com/id/1029476 SuSE Security Announcement: SUSE-SU-2013:1919 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:1916 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html SuSE Security Announcement: openSUSE-SU-2013:1917 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1918 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html SuSE Security Announcement: openSUSE-SU-2013:1957 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html SuSE Security Announcement: openSUSE-SU-2013:1958 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html SuSE Security Announcement: openSUSE-SU-2013:1959 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html SuSE Security Announcement: openSUSE-SU-2014:0008 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http://www.ubuntu.com/usn/USN-2052-1 http://www.ubuntu.com/usn/USN-2053-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-5613 Common Vulnerability Exposure (CVE) ID: CVE-2013-5616 Common Vulnerability Exposure (CVE) ID: CVE-2013-5618 Common Vulnerability Exposure (CVE) ID: CVE-2013-6671 BugTraq ID: 64212 http://www.securityfocus.com/bid/64212
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.