Test ID:	1.3.6.1.4.1.25623.1.0.850999
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1680-1)
Summary:	The remote host is missing an update for the 'MozillaFirefox'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Affected Software/OS: MozillaFirefox, on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12 Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4500 BugTraq ID: 76816 http://www.securityfocus.com/bid/76816 Debian Security Information: DSA-3365 (Google Search) http://www.debian.org/security/2015/dsa-3365 RedHat Security Advisories: RHSA-2015:1834 http://rhn.redhat.com/errata/RHSA-2015-1834.html RedHat Security Advisories: RHSA-2015:1852 http://rhn.redhat.com/errata/RHSA-2015-1852.html http://www.securitytracker.com/id/1033640 SuSE Security Announcement: SUSE-SU-2015:1680 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html SuSE Security Announcement: SUSE-SU-2015:1703 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html SuSE Security Announcement: SUSE-SU-2015:2081 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html SuSE Security Announcement: openSUSE-SU-2015:1658 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:1679 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html SuSE Security Announcement: openSUSE-SU-2015:1681 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html http://www.ubuntu.com/usn/USN-2743-1 http://www.ubuntu.com/usn/USN-2743-2 http://www.ubuntu.com/usn/USN-2743-3 http://www.ubuntu.com/usn/USN-2743-4 http://www.ubuntu.com/usn/USN-2754-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-4501 Common Vulnerability Exposure (CVE) ID: CVE-2015-4506 Common Vulnerability Exposure (CVE) ID: CVE-2015-4509 http://www.zerodayinitiative.com/advisories/ZDI-15-646 Common Vulnerability Exposure (CVE) ID: CVE-2015-4511 Common Vulnerability Exposure (CVE) ID: CVE-2015-4517 Common Vulnerability Exposure (CVE) ID: CVE-2015-4519 Common Vulnerability Exposure (CVE) ID: CVE-2015-4520 Common Vulnerability Exposure (CVE) ID: CVE-2015-4521 Common Vulnerability Exposure (CVE) ID: CVE-2015-4522 Common Vulnerability Exposure (CVE) ID: CVE-2015-7174 Common Vulnerability Exposure (CVE) ID: CVE-2015-7175 Common Vulnerability Exposure (CVE) ID: CVE-2015-7176 Common Vulnerability Exposure (CVE) ID: CVE-2015-7177 Common Vulnerability Exposure (CVE) ID: CVE-2015-7180
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.