Test ID: 1.3.6.1.4.1.25623.1.0.851005
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1476-1)
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical
and non-critical security vulnerabilities.

- Firefox was updated to 38.2.1 ESR (bsc#943608)

* MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
canvas element during restyling

* MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
through data URLs

- Firefox was updated to 38.2.0 ESR (bsc#940806)

* MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin
violation and local file stealing via PDF reader

* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719,
bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213,
bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0
/ rv:38.2)

* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with
malformed MP3 file

* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties

* MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344,
bmo#1186718) Overflow issues in libstagefright

* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared
memory in JavaScript

* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf
when scaling bitmap images

* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video

* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270,
bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection

* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in
XMLHttpRequest with shared workers

Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox
38ESR uses.

Affected Software/OS:
MozillaFirefox, on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-4473
Debian Security Information: DSA-3333
http://www.debian.org/security/2015/dsa-3333
Debian Security Information: DSA-3410
http://www.debian.org/security/2015/dsa-3410
https://security.gentoo.org/glsa/201605-06
RedHat Security Advisories: RHSA-2015:1586
http://rhn.redhat.com/errata/RHSA-2015-1586.html
RedHat Security Advisories: RHSA-2015:1682
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
SuSE Security Announcement: SUSE-SU-2015:1449
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
SuSE Security Announcement: SUSE-SU-2015:1528
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
SuSE Security Announcement: SUSE-SU-2015:2081
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
SuSE Security Announcement: openSUSE-SU-2015:1389
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
SuSE Security Announcement: openSUSE-SU-2015:1390
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:1453
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
SuSE Security Announcement: openSUSE-SU-2015:1454
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
http://www.ubuntu.com/usn/USN-2712-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4474
Common Vulnerability Exposure (CVE) ID: CVE-2015-4475
BugTraq ID: 76294
http://www.securityfocus.com/bid/76294
Common Vulnerability Exposure (CVE) ID: CVE-2015-4478
Common Vulnerability Exposure (CVE) ID: CVE-2015-4479
http://www.zerodayinitiative.com/advisories/ZDI-15-456
Common Vulnerability Exposure (CVE) ID: CVE-2015-4484
Common Vulnerability Exposure (CVE) ID: CVE-2015-4485
Common Vulnerability Exposure (CVE) ID: CVE-2015-4486
Common Vulnerability Exposure (CVE) ID: CVE-2015-4487
Common Vulnerability Exposure (CVE) ID: CVE-2015-4488
Common Vulnerability Exposure (CVE) ID: CVE-2015-4489
Common Vulnerability Exposure (CVE) ID: CVE-2015-4491
Debian Security Information: DSA-3337
http://www.debian.org/security/2015/dsa-3337
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
https://security.gentoo.org/glsa/201512-05
RedHat Security Advisories: RHSA-2015:1694
http://rhn.redhat.com/errata/RHSA-2015-1694.html
SuSE Security Announcement: openSUSE-SU-2015:1500
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://www.ubuntu.com/usn/USN-2722-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4492
BugTraq ID: 76297
http://www.securityfocus.com/bid/76297
Common Vulnerability Exposure (CVE) ID: CVE-2015-4495
BugTraq ID: 76249
http://www.securityfocus.com/bid/76249
https://www.exploit-db.com/exploits/37772/
https://security.gentoo.org/glsa/201512-10
RedHat Security Advisories: RHSA-2015:1581
http://rhn.redhat.com/errata/RHSA-2015-1581.html
http://www.securitytracker.com/id/1033216
SuSE Security Announcement: SUSE-SU-2015:1379
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
SuSE Security Announcement: SUSE-SU-2015:1380
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
http://www.ubuntu.com/usn/USN-2707-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4497
BugTraq ID: 76502
http://www.securityfocus.com/bid/76502
Debian Security Information: DSA-3345
http://www.debian.org/security/2015/dsa-3345
http://www.zerodayinitiative.com/advisories/ZDI-15-406
RedHat Security Advisories: RHSA-2015:1693
http://rhn.redhat.com/errata/RHSA-2015-1693.html
http://www.securitytracker.com/id/1033397
SuSE Security Announcement: SUSE-SU-2015:1504
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:1492
http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html
http://www.ubuntu.com/usn/USN-2723-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4498
BugTraq ID: 76505
http://www.securityfocus.com/bid/76505
http://www.securitytracker.com/id/1033396
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.