Test ID:	1.3.6.1.4.1.25623.1.0.851048
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory for Mozilla (SUSE-SU-2015:0173-1)
Summary:	The remote host is missing an update for the 'Mozilla'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'Mozilla' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Firefox has been updated to the 31.4.0ESR release, fixing bugs and security issues. Mozilla NSS has been updated to 3.17.3, fixing a security issue and updating the root certificates list. For more information, please refer to Security Issues: * CVE-2014-1569 * CVE-2014-8634 * CVE-2014-8639 * CVE-2014-8641 * CVE-2014-8638 * CVE-2014-8636 * CVE-2014-8637 * CVE-2014-8640 Affected Software/OS: Mozilla on SUSE Linux Enterprise Server 11 SP2 LTSS, SUSE Linux Enterprise Server 11 SP1 LTSS Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1569 Debian Security Information: DSA-3186 (Google Search) http://www.debian.org/security/2015/dsa-3186 http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf https://www.imperialviolet.org/2014/09/26/pkcs1.html https://www.reddit.com/r/netsec/comments/2hd1m8/rsa_signature_forgery_in_nss/cksnr02 http://www.securitytracker.com/id/1032909 SuSE Security Announcement: SUSE-SU-2015:0171 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html SuSE Security Announcement: SUSE-SU-2015:0173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html SuSE Security Announcement: SUSE-SU-2015:0180 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html SuSE Security Announcement: openSUSE-SU-2015:0138 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html SuSE Security Announcement: openSUSE-SU-2015:0404 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8634 BugTraq ID: 72049 http://www.securityfocus.com/bid/72049 Debian Security Information: DSA-3127 (Google Search) http://www.debian.org/security/2015/dsa-3127 Debian Security Information: DSA-3132 (Google Search) http://www.debian.org/security/2015/dsa-3132 https://security.gentoo.org/glsa/201504-01 RedHat Security Advisories: RHSA-2015:0046 http://rhn.redhat.com/errata/RHSA-2015-0046.html RedHat Security Advisories: RHSA-2015:0047 http://rhn.redhat.com/errata/RHSA-2015-0047.html http://www.securitytracker.com/id/1031533 http://www.securitytracker.com/id/1031534 http://secunia.com/advisories/62237 http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://secunia.com/advisories/62253 http://secunia.com/advisories/62259 http://secunia.com/advisories/62273 http://secunia.com/advisories/62274 http://secunia.com/advisories/62283 http://secunia.com/advisories/62293 http://secunia.com/advisories/62304 http://secunia.com/advisories/62313 http://secunia.com/advisories/62315 http://secunia.com/advisories/62316 http://secunia.com/advisories/62418 http://secunia.com/advisories/62446 http://secunia.com/advisories/62657 http://secunia.com/advisories/62790 SuSE Security Announcement: openSUSE-SU-2015:0077 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0133 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html SuSE Security Announcement: openSUSE-SU-2015:0192 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2460-1 XForce ISS Database: firefox-cve20148634-code-exec(99955) https://exchange.xforce.ibmcloud.com/vulnerabilities/99955 Common Vulnerability Exposure (CVE) ID: CVE-2014-8636 BugTraq ID: 72041 http://www.securityfocus.com/bid/72041 http://packetstormsecurity.com/files/130972/Firefox-Proxy-Prototype-Privileged-Javascript-Injection.html https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636 XForce ISS Database: firefox-cve20148636-sec-bypass(99964) https://exchange.xforce.ibmcloud.com/vulnerabilities/99964 Common Vulnerability Exposure (CVE) ID: CVE-2014-8637 BugTraq ID: 72048 http://www.securityfocus.com/bid/72048 XForce ISS Database: firefox-cve20148637-info-disc(99957) https://exchange.xforce.ibmcloud.com/vulnerabilities/99957 Common Vulnerability Exposure (CVE) ID: CVE-2014-8638 BugTraq ID: 72047 http://www.securityfocus.com/bid/72047 XForce ISS Database: firefox-cve20148638-csrf(99958) https://exchange.xforce.ibmcloud.com/vulnerabilities/99958 Common Vulnerability Exposure (CVE) ID: CVE-2014-8639 BugTraq ID: 72046 http://www.securityfocus.com/bid/72046 XForce ISS Database: firefox-cve20148639-session-hijacking(99959) https://exchange.xforce.ibmcloud.com/vulnerabilities/99959 Common Vulnerability Exposure (CVE) ID: CVE-2014-8640 BugTraq ID: 72045 http://www.securityfocus.com/bid/72045 XForce ISS Database: firefox-cve20148640-info-disc(99960) https://exchange.xforce.ibmcloud.com/vulnerabilities/99960 Common Vulnerability Exposure (CVE) ID: CVE-2014-8641 BugTraq ID: 72044 http://www.securityfocus.com/bid/72044 XForce ISS Database: firefox-cve20148641-dos(99961) https://exchange.xforce.ibmcloud.com/vulnerabilities/99961
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.