Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.850463
Category:SuSE Local Security Checks
Title:openSUSE: Security Advisory for Mozilla Firefox and others (openSUSE-SU-2013:0631-1)
Summary:The remote host is missing an update for the 'Mozilla Firefox and others'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'Mozilla Firefox and others'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Mozilla suite received security and bugfix updates:

Firefox was updated to version 20.0. Thunderbird was
updated to version 17.0.5. Seamonkey was updated to version
2.17 mozilla-nss was updated to version 3.14.3.
mozilla-nspr was updated to version 4.9.6.

mozilla-nspr was updated to version 4.9.6:

* aarch64 support

* added PL_SizeOfArenaPoolExcludingPool function
(bmo#807883)

* Auto detect android api version for x86 (bmo#782214)

* Initialize Windows CRITICAL_SECTIONs without debug info
and with nonzero spin count (bmo#812085) Previous update
to version 4.9.5

* bmo#634793: define NSPR's exact-width integer types
PRInt{N} and PRUint{N} types to match the
exact-width integer types int{N}_t and uint{N}_t.

* bmo#782815: passing 'int *' to parameter of type
'unsigned int *' in setsockopt().

* bmo#822932: Port bmo#802527 (NDK r8b support for x86) to
NSPR.

* bmo#824742: NSPR shouldn't require librt on Android.

* bmo#831793: data race on lib-&>refCount in
PR_UnloadLibrary.

mozilla-nss was updated to version 3.14.3:

* disable tests with expired certificates

* add SEC_PKCS7VerifyDetachedSignatureAtTime using patch
from mozilla tree to fulfill Firefox 21 requirements

* No new major functionality is introduced in this release.
This release is a patch release to address CVE-2013-1620
(bmo#822365)

* 'certutil -a' was not correctly producing ASCII output as
requested. (bmo#840714)

* NSS 3.14.2 broke compilation with older versions of
sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file
control. NSS 3.14.3 now properly compiles when used with
older versions of sqlite (bmo#837799) - remove
system-sqlite.patch

* add aarch64 support

* added system-sqlite.patch (bmo#837799)

* do not depend on latest sqlite just for a #define

* enable system sqlite usage again

* update to 3.14.2

* required for Firefox &>= 20

* removed obsolete nssckbi update patch

* MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds
array read in CERT_DecodeCertPackage

* disable system sqlite usage since we depend on 3.7.15
which is not provided in any openSUSE distribution

* add nss-sqlitename.patch to avoid any name clash

Changes in MozillaFirefox:

- update to Firefox 20.0 (bnc#813026)

* requires NSPR 4.9.5 and NSS 3.14.3

* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous
memory safety hazards

* MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds
write in Cairo library

* MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash
with Mesa graphics driver on Linux

Affected Software/OS:
Mozilla Firefox and others on openSUSE 11.4

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-0788
Debian Security Information: DSA-2699 (Google Search)
http://www.debian.org/security/2013/dsa-2699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629
RedHat Security Advisories: RHSA-2013:0696
http://rhn.redhat.com/errata/RHSA-2013-0696.html
RedHat Security Advisories: RHSA-2013:0697
http://rhn.redhat.com/errata/RHSA-2013-0697.html
SuSE Security Announcement: SUSE-SU-2013:0645 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
SuSE Security Announcement: SUSE-SU-2013:0850 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
SuSE Security Announcement: openSUSE-SU-2013:0630 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:0631 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0875 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
http://www.ubuntu.com/usn/USN-1791-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17079
Common Vulnerability Exposure (CVE) ID: CVE-2013-0792
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17021
Common Vulnerability Exposure (CVE) ID: CVE-2013-0793
BugTraq ID: 58837
http://www.securityfocus.com/bid/58837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16928
Common Vulnerability Exposure (CVE) ID: CVE-2013-0794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17065
Common Vulnerability Exposure (CVE) ID: CVE-2013-0795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16842
Common Vulnerability Exposure (CVE) ID: CVE-2013-0796
Common Vulnerability Exposure (CVE) ID: CVE-2013-0800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909
Common Vulnerability Exposure (CVE) ID: CVE-2013-1620
BugTraq ID: 57777
http://www.securityfocus.com/bid/57777
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://openwall.com/lists/oss-security/2013/02/05/24
RedHat Security Advisories: RHSA-2013:1135
http://rhn.redhat.com/errata/RHSA-2013-1135.html
RedHat Security Advisories: RHSA-2013:1144
http://rhn.redhat.com/errata/RHSA-2013-1144.html
http://www.ubuntu.com/usn/USN-1763-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0791
BugTraq ID: 58826
http://www.securityfocus.com/bid/58826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150
CopyrightCopyright (C) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.