Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.850809
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0248-1)
Summary:The remote host is missing an update for the 'MozillaFirefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This updates the Mozilla Firefox browser to the 24.3.0ESR
security release. The Mozilla NSS libraries are now on
version 3.15.4.

The following security issues have been fixed:

*

MFSA 2014-01: Memory safety bugs fixed in Firefox ESR
24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)

*

MFSA 2014-02: Using XBL scopes its possible to
steal(clone) native anonymous content
(CVE-2014-1479)(bnc#862348)

*

MFSA 2014-03: Download 'open file' dialog delay is
too quick, doesn't prevent clickjacking (CVE-2014-1480)

*

MFSA 2014-04: Image decoding causing FireFox to crash
with Goo Create (CVE-2014-1482)(bnc#862356)

*

MFSA 2014-05: caretPositionFromPoint and
elementFromPoint leak information about iframe contents via
timing information (CVE-2014-1483)(bnc#862360)

*

MFSA 2014-06: Fennec leaks profile path to logcat
(CVE-2014-1484)

*

MFSA 2014-07: CSP should block XSLT as script, not as
style (CVE-2014-1485)

*

MFSA 2014-08: imgRequestProxy Use-After-Free Remote
Code Execution Vulnerability (CVE-2014-1486)

*

MFSA 2014-09: Cross-origin information disclosure
with error message of Web Workers (CVE-2014-1487)

*

MFSA 2014-10: settings & history ID bug
(CVE-2014-1489)

*

MFSA 2014-11: Firefox reproducibly crashes when using
asm.js code in workers and transferable objects
(CVE-2014-1488)

*

MFSA 2014-12: TOCTOU, potential use-after-free in
libssl's session ticket processing
(CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH
value (CVE-2014-1491)(bnc#862289)

*

MFSA 2014-13: Inconsistent this value when invoking
getters on window (CVE-2014-1481)(bnc#862309)

Security Issue references:

* CVE-2014-1477

* CVE-2014-1479

* CVE-2014-1480

* CVE-2014-1481

* CVE-2014-1482

* CVE-2014-1483
Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
MozillaFirefox on SUSE Linux Enterprise Server 11 SP3

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1477
BugTraq ID: 65317
http://www.securityfocus.com/bid/65317
Debian Security Information: DSA-2858 (Google Search)
http://www.debian.org/security/2014/dsa-2858
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
https://security.gentoo.org/glsa/201504-01
http://osvdb.org/102864
RedHat Security Advisories: RHSA-2014:0132
http://rhn.redhat.com/errata/RHSA-2014-0132.html
RedHat Security Advisories: RHSA-2014:0133
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.securitytracker.com/id/1029721
http://secunia.com/advisories/56706
http://secunia.com/advisories/56761
http://secunia.com/advisories/56763
http://secunia.com/advisories/56767
http://secunia.com/advisories/56787
http://secunia.com/advisories/56858
http://secunia.com/advisories/56888
SuSE Security Announcement: SUSE-SU-2014:0248 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
SuSE Security Announcement: openSUSE-SU-2014:0212 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
SuSE Security Announcement: openSUSE-SU-2014:0213 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
SuSE Security Announcement: openSUSE-SU-2014:0419 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
http://www.ubuntu.com/usn/USN-2119-1
XForce ISS Database: firefox-cve20141477-code-exec(90899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90899
Common Vulnerability Exposure (CVE) ID: CVE-2014-1479
BugTraq ID: 65320
http://www.securityfocus.com/bid/65320
http://osvdb.org/102866
http://secunia.com/advisories/56922
XForce ISS Database: firefox-cve20141479-sec-bypass(90898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90898
Common Vulnerability Exposure (CVE) ID: CVE-2014-1480
BugTraq ID: 65331
http://www.securityfocus.com/bid/65331
http://osvdb.org/102867
XForce ISS Database: firefox-cve20141480-spoofing(90897)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897
Common Vulnerability Exposure (CVE) ID: CVE-2014-1481
BugTraq ID: 65326
http://www.securityfocus.com/bid/65326
http://osvdb.org/102863
XForce ISS Database: firefox-cve20141481-sec-bypass(90883)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90883
Common Vulnerability Exposure (CVE) ID: CVE-2014-1482
BugTraq ID: 65328
http://www.securityfocus.com/bid/65328
http://osvdb.org/102868
XForce ISS Database: firefox-cve20141482-code-exec(90894)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90894
Common Vulnerability Exposure (CVE) ID: CVE-2014-1483
BugTraq ID: 65316
http://www.securityfocus.com/bid/65316
http://osvdb.org/102869
XForce ISS Database: firefox-cve20141483-info-disc(90893)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90893
Common Vulnerability Exposure (CVE) ID: CVE-2014-1484
BugTraq ID: 65323
http://www.securityfocus.com/bid/65323
Bugtraq: 20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html
http://osvdb.org/102870
http://www.securitytracker.com/id/1029719
XForce ISS Database: firefox-android-cve20141484-info-disc(90892)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90892
Common Vulnerability Exposure (CVE) ID: CVE-2014-1485
BugTraq ID: 65322
http://www.securityfocus.com/bid/65322
http://osvdb.org/102871
XForce ISS Database: firefox-xslt-cve20141485xss(90891)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90891
Common Vulnerability Exposure (CVE) ID: CVE-2014-1486
BugTraq ID: 65334
http://www.securityfocus.com/bid/65334
http://osvdb.org/102872
XForce ISS Database: firefox-cve20141486-code-exec(90890)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90890
Common Vulnerability Exposure (CVE) ID: CVE-2014-1487
BugTraq ID: 65330
http://www.securityfocus.com/bid/65330
http://osvdb.org/102873
XForce ISS Database: mozilla-cve20141487-info-disc(90889)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90889
Common Vulnerability Exposure (CVE) ID: CVE-2014-1488
BugTraq ID: 65321
http://www.securityfocus.com/bid/65321
http://osvdb.org/102875
XForce ISS Database: firefox-cve20141488-dos(90887)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90887
Common Vulnerability Exposure (CVE) ID: CVE-2014-1489
BugTraq ID: 65329
http://www.securityfocus.com/bid/65329
http://osvdb.org/102874
XForce ISS Database: firefox-cve20141489-sec-bypass(90888)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90888
Common Vulnerability Exposure (CVE) ID: CVE-2014-1490
BugTraq ID: 65335
http://www.securityfocus.com/bid/65335
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/23
http://osvdb.org/102876
XForce ISS Database: mozilla-nss-cve20141490-code-exec(90885)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90885
Common Vulnerability Exposure (CVE) ID: CVE-2014-1491
BugTraq ID: 65332
http://www.securityfocus.com/bid/65332
Debian Security Information: DSA-2994 (Google Search)
http://www.debian.org/security/2014/dsa-2994
XForce ISS Database: firefox-nss-cve20141491-unspecified(90886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90886
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.