| Description: | Summary:
The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2013:1919-1 advisory.
Vulnerability Insight:
MozillaFirefox has been updated to the 24.2.0 ESR security release.
This is a major upgrade from the 17 ESR release branch.
Security issues fixed:
* CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105)
* CVE-2013-5609 Miscellaneous memory safety hazards
(rv:24.2) (MFSA 2013-104)
* CVE-2013-5610 Miscellaneous memory safety hazards
(rv:26.0) (MFSA 2013-104)
* CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106)
* CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
* CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108)
* CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110)
* CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111)
* CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113)
* CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114)
* CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115)
* CVE-2013-6672 Linux clipboard information disclosure though selection paste (MFSA 2013-112)
* CVE-2013-5618 Use-after-free during Table Editing
(MFSA 2013-109)
Security Issue references:
* CVE-2013-5609
>
* CVE-2013-5610
>
* CVE-2013-5611
>
* CVE-2013-5612
>
* CVE-2013-5613
>
* CVE-2013-5614
>
* CVE-2013-5615
>
* CVE-2013-5616
>
* CVE-2013-5618
>
* CVE-2013-5619
>
* CVE-2013-6671
>
* CVE-2013-6672
>
* CVE-2013-6673
>
Affected Software/OS:
'Mozilla Firefox' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Software Development Kit 11-SP3.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
