Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0248-1)
Summary:The remote host is missing an update for the 'MozillaFirefox'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This updates the Mozilla Firefox browser to the 24.3.0ESR
security release. The Mozilla NSS libraries are now on
version 3.15.4.

The following security issues have been fixed:


MFSA 2014-01: Memory safety bugs fixed in Firefox ESR
24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)


MFSA 2014-02: Using XBL scopes its possible to
steal(clone) native anonymous content


MFSA 2014-03: Download 'open file' dialog delay is
too quick, doesn't prevent clickjacking (CVE-2014-1480)


MFSA 2014-04: Image decoding causing FireFox to crash
with Goo Create (CVE-2014-1482)(bnc#862356)


MFSA 2014-05: caretPositionFromPoint and
elementFromPoint leak information about iframe contents via
timing information (CVE-2014-1483)(bnc#862360)


MFSA 2014-06: Fennec leaks profile path to logcat


MFSA 2014-07: CSP should block XSLT as script, not as
style (CVE-2014-1485)


MFSA 2014-08: imgRequestProxy Use-After-Free Remote
Code Execution Vulnerability (CVE-2014-1486)


MFSA 2014-09: Cross-origin information disclosure
with error message of Web Workers (CVE-2014-1487)


MFSA 2014-10: settings & history ID bug


MFSA 2014-11: Firefox reproducibly crashes when using
asm.js code in workers and transferable objects


MFSA 2014-12: TOCTOU, potential use-after-free in
libssl's session ticket processing
(CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH
value (CVE-2014-1491)(bnc#862289)


MFSA 2014-13: Inconsistent this value when invoking
getters on window (CVE-2014-1481)(bnc#862309)

Security Issue references:

* CVE-2014-1477

* CVE-2014-1479

* CVE-2014-1480

* CVE-2014-1481

* CVE-2014-1482

* CVE-2014-1483
Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
MozillaFirefox on SUSE Linux Enterprise Server 11 SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1477
BugTraq ID: 65317
Debian Security Information: DSA-2858 (Google Search)
RedHat Security Advisories: RHSA-2014:0132
RedHat Security Advisories: RHSA-2014:0133
SuSE Security Announcement: SUSE-SU-2014:0248 (Google Search)
SuSE Security Announcement: openSUSE-SU-2014:0212 (Google Search)
SuSE Security Announcement: openSUSE-SU-2014:0213 (Google Search)
SuSE Security Announcement: openSUSE-SU-2014:0419 (Google Search)
XForce ISS Database: firefox-cve20141477-code-exec(90899)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1479
BugTraq ID: 65320
XForce ISS Database: firefox-cve20141479-sec-bypass(90898)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1480
BugTraq ID: 65331
XForce ISS Database: firefox-cve20141480-spoofing(90897)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1481
BugTraq ID: 65326
XForce ISS Database: firefox-cve20141481-sec-bypass(90883)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1482
BugTraq ID: 65328
XForce ISS Database: firefox-cve20141482-code-exec(90894)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1483
BugTraq ID: 65316
XForce ISS Database: firefox-cve20141483-info-disc(90893)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1484
BugTraq ID: 65323
Bugtraq: 20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) (Google Search)
XForce ISS Database: firefox-android-cve20141484-info-disc(90892)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1485
BugTraq ID: 65322
XForce ISS Database: firefox-xslt-cve20141485xss(90891)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1486
BugTraq ID: 65334
XForce ISS Database: firefox-cve20141486-code-exec(90890)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1487
BugTraq ID: 65330
XForce ISS Database: mozilla-cve20141487-info-disc(90889)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1488
BugTraq ID: 65321
XForce ISS Database: firefox-cve20141488-dos(90887)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1489
BugTraq ID: 65329
XForce ISS Database: firefox-cve20141489-sec-bypass(90888)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1490
BugTraq ID: 65335
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
XForce ISS Database: mozilla-nss-cve20141490-code-exec(90885)
Common Vulnerability Exposure (CVE) ID: CVE-2014-1491
BugTraq ID: 65332
Debian Security Information: DSA-2994 (Google Search)
XForce ISS Database: firefox-nss-cve20141491-unspecified(90886)
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.