Test ID: 1.3.6.1.4.1.25623.1.0.851568
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:1620-1)
Summary: The remote host is missing an update for the 'Mozilla' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'Mozilla'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for Mozilla Firefox, Thunderbird, and NSS fixes the following
issues:

Mozilla Firefox was updated to 52.2esr (boo#1043960) MFSA 2017-16:

* CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when
regenerating trees

* CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading

* CVE-2017-7750 (bmo#1356558) Use-after-free with track elements

* CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners

* CVE-2017-7752 (bmo#1359547) Use-after-free with IME input

* CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo
object

* CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox
Installer with same directory DLL files (Windows only)

* CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging
XHR header errors

* CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB

* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777 Vulnerabilities in the Graphite 2 library

* CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder

* CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation
via callback parameter in Mozilla Windows Updater and Maintenance
Service (Windows only)

* CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation
through Mozilla Maintenance Service helper.exe application (Windows only)

* CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian
Syllabics and other unicode blocks

* CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving
executable files (Windows only)

* CVE-2017-7766 (bmo#1342742) File execution and privilege escalation
through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance
Service (Windows only)

* CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file
overwrites through Mozilla Windows Updater and Mozilla Maintenance
Service (Windows only)

* CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla
Maintenance Service (Windows only)

* CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

- remove -fno-inline-small-functions and explicitly optimize with -O2 for
openSUSE 13.2/Leap 42 to work with gcc7 (boo#1040105)

Mozilla NSS was updated to NSS 3.28.5

* Implemented domain name constraints for CA: TUBITAK Kamu SM SSL Kok
Sertifikasi - Surum 1. (bmo#1350859)

* March 2017 batch of root CA changes (bmo#1350859) (version 2.14) CA
certificates removed: O = Japanese Government, OU = ApplicationCA CN ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
Mozilla on openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-5470
BugTraq ID: 99041
http://www.securityfocus.com/bid/99041
Debian Security Information: DSA-3881
https://www.debian.org/security/2017/dsa-3881
Debian Security Information: DSA-3918
https://www.debian.org/security/2017/dsa-3918
RedHat Security Advisories: RHSA-2017:1440
https://access.redhat.com/errata/RHSA-2017:1440
RedHat Security Advisories: RHSA-2017:1561
https://access.redhat.com/errata/RHSA-2017:1561
http://www.securitytracker.com/id/1038689
Common Vulnerability Exposure (CVE) ID: CVE-2017-5472
BugTraq ID: 99040
http://www.securityfocus.com/bid/99040
Common Vulnerability Exposure (CVE) ID: CVE-2017-7749
BugTraq ID: 99057
http://www.securityfocus.com/bid/99057
Common Vulnerability Exposure (CVE) ID: CVE-2017-7750
Common Vulnerability Exposure (CVE) ID: CVE-2017-7751
Common Vulnerability Exposure (CVE) ID: CVE-2017-7752
Common Vulnerability Exposure (CVE) ID: CVE-2017-7754
Common Vulnerability Exposure (CVE) ID: CVE-2017-7755
Common Vulnerability Exposure (CVE) ID: CVE-2017-7756
Common Vulnerability Exposure (CVE) ID: CVE-2017-7757
Common Vulnerability Exposure (CVE) ID: CVE-2017-7758
Common Vulnerability Exposure (CVE) ID: CVE-2017-7760
Common Vulnerability Exposure (CVE) ID: CVE-2017-7761
https://sourceforge.net/p/nsis/bugs/1125/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7764
http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts
Common Vulnerability Exposure (CVE) ID: CVE-2017-7765
Common Vulnerability Exposure (CVE) ID: CVE-2017-7766
Common Vulnerability Exposure (CVE) ID: CVE-2017-7767
Common Vulnerability Exposure (CVE) ID: CVE-2017-7768
Common Vulnerability Exposure (CVE) ID: CVE-2017-7771
Common Vulnerability Exposure (CVE) ID: CVE-2017-7772
Common Vulnerability Exposure (CVE) ID: CVE-2017-7773
Common Vulnerability Exposure (CVE) ID: CVE-2017-7774
Common Vulnerability Exposure (CVE) ID: CVE-2017-7775
Common Vulnerability Exposure (CVE) ID: CVE-2017-7776
Common Vulnerability Exposure (CVE) ID: CVE-2017-7777
Common Vulnerability Exposure (CVE) ID: CVE-2017-7778
Debian Security Information: DSA-3894
https://www.debian.org/security/2017/dsa-3894
https://security.gentoo.org/glsa/201710-13
RedHat Security Advisories: RHSA-2017:1793
https://access.redhat.com/errata/RHSA-2017:1793
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2022 E-Soft Inc. All rights reserved.