Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2015.2081.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2015:2081-1)
Summary:The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2015:2081-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2015:2081-1 advisory.

Vulnerability Insight:
MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues.
MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues It also includes fixes from 38.3.0ESR:
MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180
Vulnerabilities found through code inspection It also includes fixes from the Firefox 38.2.1ESR release:
MFSA 2015-94/CVE-2015-4497 (bsc#943557)
Use-after-free when resizing canvas element during restyling MFSA 2015-95/CVE-2015-4498 (bsc#943558)
Add-on notification bypass through data URLs It also includes fixes from the Firefox 38.2.0ESR release:
MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers Security Issues:
CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Mozilla Firefox' package(s) on SUSE Linux Enterprise Server 10 SP4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-4473
Debian Security Information: DSA-3333 (Google Search)
http://www.debian.org/security/2015/dsa-3333
Debian Security Information: DSA-3410 (Google Search)
http://www.debian.org/security/2015/dsa-3410
https://security.gentoo.org/glsa/201605-06
RedHat Security Advisories: RHSA-2015:1586
http://rhn.redhat.com/errata/RHSA-2015-1586.html
RedHat Security Advisories: RHSA-2015:1682
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
SuSE Security Announcement: SUSE-SU-2015:1528 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
SuSE Security Announcement: SUSE-SU-2015:2081 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
SuSE Security Announcement: openSUSE-SU-2015:1389 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
SuSE Security Announcement: openSUSE-SU-2015:1390 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:1453 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
SuSE Security Announcement: openSUSE-SU-2015:1454 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
http://www.ubuntu.com/usn/USN-2712-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4474
Common Vulnerability Exposure (CVE) ID: CVE-2015-4475
BugTraq ID: 76294
http://www.securityfocus.com/bid/76294
Common Vulnerability Exposure (CVE) ID: CVE-2015-4478
Common Vulnerability Exposure (CVE) ID: CVE-2015-4479
http://www.zerodayinitiative.com/advisories/ZDI-15-456
Common Vulnerability Exposure (CVE) ID: CVE-2015-4484
Common Vulnerability Exposure (CVE) ID: CVE-2015-4485
Common Vulnerability Exposure (CVE) ID: CVE-2015-4486
Common Vulnerability Exposure (CVE) ID: CVE-2015-4487
Common Vulnerability Exposure (CVE) ID: CVE-2015-4488
Common Vulnerability Exposure (CVE) ID: CVE-2015-4489
Common Vulnerability Exposure (CVE) ID: CVE-2015-4491
Debian Security Information: DSA-3337 (Google Search)
http://www.debian.org/security/2015/dsa-3337
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
https://security.gentoo.org/glsa/201512-05
RedHat Security Advisories: RHSA-2015:1694
http://rhn.redhat.com/errata/RHSA-2015-1694.html
SuSE Security Announcement: openSUSE-SU-2015:1500 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://www.ubuntu.com/usn/USN-2722-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4492
BugTraq ID: 76297
http://www.securityfocus.com/bid/76297
Common Vulnerability Exposure (CVE) ID: CVE-2015-4497
BugTraq ID: 76502
http://www.securityfocus.com/bid/76502
Debian Security Information: DSA-3345 (Google Search)
http://www.debian.org/security/2015/dsa-3345
http://www.zerodayinitiative.com/advisories/ZDI-15-406
RedHat Security Advisories: RHSA-2015:1693
http://rhn.redhat.com/errata/RHSA-2015-1693.html
http://www.securitytracker.com/id/1033397
SuSE Security Announcement: SUSE-SU-2015:1504 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html
SuSE Security Announcement: openSUSE-SU-2015:1492 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html
http://www.ubuntu.com/usn/USN-2723-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4498
BugTraq ID: 76505
http://www.securityfocus.com/bid/76505
http://www.securitytracker.com/id/1033396
Common Vulnerability Exposure (CVE) ID: CVE-2015-4500
BugTraq ID: 76816
http://www.securityfocus.com/bid/76816
Debian Security Information: DSA-3365 (Google Search)
http://www.debian.org/security/2015/dsa-3365
RedHat Security Advisories: RHSA-2015:1834
http://rhn.redhat.com/errata/RHSA-2015-1834.html
RedHat Security Advisories: RHSA-2015:1852
http://rhn.redhat.com/errata/RHSA-2015-1852.html
http://www.securitytracker.com/id/1033640
SuSE Security Announcement: SUSE-SU-2015:1680 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1703 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:1658 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html
SuSE Security Announcement: openSUSE-SU-2015:1679 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:1681 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
http://www.ubuntu.com/usn/USN-2743-1
http://www.ubuntu.com/usn/USN-2743-2
http://www.ubuntu.com/usn/USN-2743-3
http://www.ubuntu.com/usn/USN-2743-4
http://www.ubuntu.com/usn/USN-2754-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4501
Common Vulnerability Exposure (CVE) ID: CVE-2015-4506
Common Vulnerability Exposure (CVE) ID: CVE-2015-4509
http://www.zerodayinitiative.com/advisories/ZDI-15-646
Common Vulnerability Exposure (CVE) ID: CVE-2015-4511
Common Vulnerability Exposure (CVE) ID: CVE-2015-4513
BugTraq ID: 77411
http://www.securityfocus.com/bid/77411
Debian Security Information: DSA-3393 (Google Search)
http://www.debian.org/security/2015/dsa-3393
https://security.gentoo.org/glsa/201512-10
RedHat Security Advisories: RHSA-2015:1982
http://rhn.redhat.com/errata/RHSA-2015-1982.html
RedHat Security Advisories: RHSA-2015:2519
http://rhn.redhat.com/errata/RHSA-2015-2519.html
http://www.securitytracker.com/id/1034069
SuSE Security Announcement: SUSE-SU-2015:1926 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html
SuSE Security Announcement: SUSE-SU-2015:1978 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html
SuSE Security Announcement: SUSE-SU-2015:1981 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html
SuSE Security Announcement: openSUSE-SU-2015:1942 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:2229 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html
SuSE Security Announcement: openSUSE-SU-2015:2245 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html
http://www.ubuntu.com/usn/USN-2785-1
http://www.ubuntu.com/usn/USN-2819-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4517
Common Vulnerability Exposure (CVE) ID: CVE-2015-4519
Common Vulnerability Exposure (CVE) ID: CVE-2015-4520
Common Vulnerability Exposure (CVE) ID: CVE-2015-4521
Common Vulnerability Exposure (CVE) ID: CVE-2015-4522
Common Vulnerability Exposure (CVE) ID: CVE-2015-7174
Common Vulnerability Exposure (CVE) ID: CVE-2015-7175
Common Vulnerability Exposure (CVE) ID: CVE-2015-7176
Common Vulnerability Exposure (CVE) ID: CVE-2015-7177
Common Vulnerability Exposure (CVE) ID: CVE-2015-7180
Common Vulnerability Exposure (CVE) ID: CVE-2015-7181
BugTraq ID: 77416
http://www.securityfocus.com/bid/77416
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html
RedHat Security Advisories: RHSA-2015:1980
http://rhn.redhat.com/errata/RHSA-2015-1980.html
RedHat Security Advisories: RHSA-2015:1981
http://rhn.redhat.com/errata/RHSA-2015-1981.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753
http://www.ubuntu.com/usn/USN-2791-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7182
Common Vulnerability Exposure (CVE) ID: CVE-2015-7183
BugTraq ID: 77415
http://www.securityfocus.com/bid/77415
Debian Security Information: DSA-3406 (Google Search)
http://www.debian.org/security/2015/dsa-3406
http://www.ubuntu.com/usn/USN-2790-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7188
Common Vulnerability Exposure (CVE) ID: CVE-2015-7189
Common Vulnerability Exposure (CVE) ID: CVE-2015-7193
Common Vulnerability Exposure (CVE) ID: CVE-2015-7194
Common Vulnerability Exposure (CVE) ID: CVE-2015-7196
Common Vulnerability Exposure (CVE) ID: CVE-2015-7197
Common Vulnerability Exposure (CVE) ID: CVE-2015-7198
Common Vulnerability Exposure (CVE) ID: CVE-2015-7199
Common Vulnerability Exposure (CVE) ID: CVE-2015-7200
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.