Test ID:	1.3.6.1.4.1.25623.1.1.4.2013.1497.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2013:1497-1)
Summary:	The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2013:1497-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2013:1497-1 advisory. Vulnerability Insight: This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) Security Issue references: * CVE-2013-1737 > * CVE-2013-1735 > * CVE-2013-1736 > * CVE-2013-1732 > * CVE-2013-1730 > * CVE-2013-1726 > * CVE-2013-1725 > * CVE-2013-1722 > * CVE-2013-1718 > * CVE-2013-1705 > Affected Software/OS: 'Mozilla Firefox' package(s) on SUSE Linux Enterprise Desktop 11-SP2, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18935 SuSE Security Announcement: openSUSE-SU-2013:1496 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00060.html SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1718 BugTraq ID: 62463 http://www.securityfocus.com/bid/62463 Debian Security Information: DSA-2762 (Google Search) http://www.debian.org/security/2013/dsa-2762 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18939 RedHat Security Advisories: RHSA-2013:1268 http://rhn.redhat.com/errata/RHSA-2013-1268.html RedHat Security Advisories: RHSA-2013:1269 http://rhn.redhat.com/errata/RHSA-2013-1269.html SuSE Security Announcement: openSUSE-SU-2013:1491 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html SuSE Security Announcement: openSUSE-SU-2013:1493 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html SuSE Security Announcement: openSUSE-SU-2013:1495 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html SuSE Security Announcement: openSUSE-SU-2013:1499 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html http://www.ubuntu.com/usn/USN-1951-1 http://www.ubuntu.com/usn/USN-1952-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1722 BugTraq ID: 62460 http://www.securityfocus.com/bid/62460 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19031 Common Vulnerability Exposure (CVE) ID: CVE-2013-1725 BugTraq ID: 62467 http://www.securityfocus.com/bid/62467 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19025 Common Vulnerability Exposure (CVE) ID: CVE-2013-1726 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821 Common Vulnerability Exposure (CVE) ID: CVE-2013-1730 BugTraq ID: 62473 http://www.securityfocus.com/bid/62473 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19022 Common Vulnerability Exposure (CVE) ID: CVE-2013-1732 BugTraq ID: 62469 http://www.securityfocus.com/bid/62469 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18520 Common Vulnerability Exposure (CVE) ID: CVE-2013-1735 BugTraq ID: 62479 http://www.securityfocus.com/bid/62479 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18443 Common Vulnerability Exposure (CVE) ID: CVE-2013-1736 BugTraq ID: 62478 http://www.securityfocus.com/bid/62478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18856 Common Vulnerability Exposure (CVE) ID: CVE-2013-1737 BugTraq ID: 62475 http://www.securityfocus.com/bid/62475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18789
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.