Test ID:	1.3.6.1.4.1.25623.1.1.4.2020.0068.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2020:0068-1)
Summary:	The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0068-1 advisory.
Description:	Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0068-1 advisory. Vulnerability Insight: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Affected Software/OS: 'MozillaFirefox' package(s) on SUSE Linux Enterprise Desktop 12-SP4, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP1, SUSE Linux Enterprise Server for SAP Applications 12-SP2, SUSE Linux Enterprise Server for SAP Applications 12-SP3, SUSE Linux Enterprise Server for SAP Applications 12-SP4, SUSE Linux Enterprise Server for SAP Applications 12-SP5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17015 Bugtraq: 20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) (Google Search) https://seclists.org/bugtraq/2020/Jan/18 http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://bugzilla.mozilla.org/show_bug.cgi?id=1599005 SuSE Security Announcement: openSUSE-SU-2020:0060 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html SuSE Security Announcement: openSUSE-SU-2020:0094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html Common Vulnerability Exposure (CVE) ID: CVE-2019-17016 Bugtraq: 20200109 [SECURITY] [DSA 4600-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2020/Jan/12 Bugtraq: 20200120 [SECURITY] [DSA 4603-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2020/Jan/26 Debian Security Information: DSA-4600 (Google Search) https://www.debian.org/security/2020/dsa-4600 Debian Security Information: DSA-4603 (Google Search) https://www.debian.org/security/2020/dsa-4603 https://security.gentoo.org/glsa/202003-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1599181 https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html RedHat Security Advisories: RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0085 RedHat Security Advisories: RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0086 RedHat Security Advisories: RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0111 RedHat Security Advisories: RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0120 RedHat Security Advisories: RHSA-2020:0123 https://access.redhat.com/errata/RHSA-2020:0123 RedHat Security Advisories: RHSA-2020:0127 https://access.redhat.com/errata/RHSA-2020:0127 RedHat Security Advisories: RHSA-2020:0292 https://access.redhat.com/errata/RHSA-2020:0292 RedHat Security Advisories: RHSA-2020:0295 https://access.redhat.com/errata/RHSA-2020:0295 https://usn.ubuntu.com/4234-1/ https://usn.ubuntu.com/4241-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17017 https://bugzilla.mozilla.org/show_bug.cgi?id=1603055 Common Vulnerability Exposure (CVE) ID: CVE-2019-17021 https://bugzilla.mozilla.org/show_bug.cgi?id=1599008 Common Vulnerability Exposure (CVE) ID: CVE-2019-17022 https://bugzilla.mozilla.org/show_bug.cgi?id=1602843 Common Vulnerability Exposure (CVE) ID: CVE-2019-17024 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826 Common Vulnerability Exposure (CVE) ID: CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://www.mozilla.org/security/advisories/mfsa2020-03/ https://www.mozilla.org/security/advisories/mfsa2020-04/
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.