Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.0248.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:0248-1)
Summary:The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2014:0248-1 advisory.
Description:Summary:
The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2014:0248-1 advisory.

Vulnerability Insight:
This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed:

*

MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345)

*

MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content
(CVE-2014-1479)(bnc#862348)

*

MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480)

*

MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356)

*

MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360)

*

MFSA 2014-06: Fennec leaks profile path to logcat
(CVE-2014-1484)

*

MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485)

*

MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486)

*

MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487)

*

MFSA 2014-10: settings & history ID bug
(CVE-2014-1489)

*

MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects
(CVE-2014-1488)

*

MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing
(CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289)

*

MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309)

Security Issue references:

* CVE-2014-1477
>
* CVE-2014-1479
>
* CVE-2014-1480
>
* CVE-2014-1481
>
* CVE-2014-1482
>
* CVE-2014-1483
>
* CVE-2014-1484
>
* CVE-2014-1485
>
* CVE-2014-1486
>
* CVE-2014-1487
>
* CVE-2014-1488
>
* CVE-2014-1489
>
* CVE-2014-1490
>
* CVE-2014-1491
>

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1477
BugTraq ID: 65317
http://www.securityfocus.com/bid/65317
Debian Security Information: DSA-2858 (Google Search)
http://www.debian.org/security/2014/dsa-2858
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html
https://security.gentoo.org/glsa/201504-01
http://osvdb.org/102864
RedHat Security Advisories: RHSA-2014:0132
http://rhn.redhat.com/errata/RHSA-2014-0132.html
RedHat Security Advisories: RHSA-2014:0133
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.securitytracker.com/id/1029721
http://secunia.com/advisories/56706
http://secunia.com/advisories/56761
http://secunia.com/advisories/56763
http://secunia.com/advisories/56767
http://secunia.com/advisories/56787
http://secunia.com/advisories/56858
http://secunia.com/advisories/56888
SuSE Security Announcement: SUSE-SU-2014:0248 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
SuSE Security Announcement: openSUSE-SU-2014:0212 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
SuSE Security Announcement: openSUSE-SU-2014:0213 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
SuSE Security Announcement: openSUSE-SU-2014:0419 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
http://www.ubuntu.com/usn/USN-2119-1
XForce ISS Database: firefox-cve20141477-code-exec(90899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90899
Common Vulnerability Exposure (CVE) ID: CVE-2014-1479
BugTraq ID: 65320
http://www.securityfocus.com/bid/65320
http://osvdb.org/102866
http://secunia.com/advisories/56922
XForce ISS Database: firefox-cve20141479-sec-bypass(90898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90898
Common Vulnerability Exposure (CVE) ID: CVE-2014-1480
BugTraq ID: 65331
http://www.securityfocus.com/bid/65331
http://osvdb.org/102867
XForce ISS Database: firefox-cve20141480-spoofing(90897)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897
Common Vulnerability Exposure (CVE) ID: CVE-2014-1481
BugTraq ID: 65326
http://www.securityfocus.com/bid/65326
http://osvdb.org/102863
XForce ISS Database: firefox-cve20141481-sec-bypass(90883)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90883
Common Vulnerability Exposure (CVE) ID: CVE-2014-1482
BugTraq ID: 65328
http://www.securityfocus.com/bid/65328
http://osvdb.org/102868
XForce ISS Database: firefox-cve20141482-code-exec(90894)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90894
Common Vulnerability Exposure (CVE) ID: CVE-2014-1483
BugTraq ID: 65316
http://www.securityfocus.com/bid/65316
http://osvdb.org/102869
XForce ISS Database: firefox-cve20141483-info-disc(90893)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90893
Common Vulnerability Exposure (CVE) ID: CVE-2014-1484
BugTraq ID: 65323
http://www.securityfocus.com/bid/65323
Bugtraq: 20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html
http://osvdb.org/102870
http://www.securitytracker.com/id/1029719
XForce ISS Database: firefox-android-cve20141484-info-disc(90892)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90892
Common Vulnerability Exposure (CVE) ID: CVE-2014-1485
BugTraq ID: 65322
http://www.securityfocus.com/bid/65322
http://osvdb.org/102871
XForce ISS Database: firefox-xslt-cve20141485xss(90891)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90891
Common Vulnerability Exposure (CVE) ID: CVE-2014-1486
BugTraq ID: 65334
http://www.securityfocus.com/bid/65334
http://osvdb.org/102872
XForce ISS Database: firefox-cve20141486-code-exec(90890)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90890
Common Vulnerability Exposure (CVE) ID: CVE-2014-1487
BugTraq ID: 65330
http://www.securityfocus.com/bid/65330
http://osvdb.org/102873
XForce ISS Database: mozilla-cve20141487-info-disc(90889)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90889
Common Vulnerability Exposure (CVE) ID: CVE-2014-1488
BugTraq ID: 65321
http://www.securityfocus.com/bid/65321
http://osvdb.org/102875
XForce ISS Database: firefox-cve20141488-dos(90887)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90887
Common Vulnerability Exposure (CVE) ID: CVE-2014-1489
BugTraq ID: 65329
http://www.securityfocus.com/bid/65329
http://osvdb.org/102874
XForce ISS Database: firefox-cve20141489-sec-bypass(90888)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90888
Common Vulnerability Exposure (CVE) ID: CVE-2014-1490
BugTraq ID: 65335
http://www.securityfocus.com/bid/65335
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/23
http://osvdb.org/102876
XForce ISS Database: mozilla-nss-cve20141490-code-exec(90885)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90885
Common Vulnerability Exposure (CVE) ID: CVE-2014-1491
BugTraq ID: 65332
http://www.securityfocus.com/bid/65332
Debian Security Information: DSA-2994 (Google Search)
http://www.debian.org/security/2014/dsa-2994
XForce ISS Database: firefox-nss-cve20141491-unspecified(90886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90886
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.