Test ID:	1.3.6.1.4.1.25623.1.2.1.2012.105
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2012-105) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Use-after-free and buffer overflow issues found using Address Sanitizer Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. Affected Software/OS: Firefox version(s) below 17. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4212 BugTraq ID: 56630 http://www.securityfocus.com/bid/56630 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15993 http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http://secunia.com/advisories/51439 http://secunia.com/advisories/51440 SuSE Security Announcement: SUSE-SU-2012:1592 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html SuSE Security Announcement: openSUSE-SU-2012:1583 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html SuSE Security Announcement: openSUSE-SU-2012:1585 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html SuSE Security Announcement: openSUSE-SU-2012:1586 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html SuSE Security Announcement: openSUSE-SU-2013:0175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://www.ubuntu.com/usn/USN-1636-1 http://www.ubuntu.com/usn/USN-1638-1 http://www.ubuntu.com/usn/USN-1638-2 http://www.ubuntu.com/usn/USN-1638-3 Common Vulnerability Exposure (CVE) ID: CVE-2012-4213 BugTraq ID: 56638 http://www.securityfocus.com/bid/56638 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16761 Common Vulnerability Exposure (CVE) ID: CVE-2012-4214 BugTraq ID: 56628 http://www.securityfocus.com/bid/56628 http://www.mandriva.com/security/advisories?name=MDVSA-2012:173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16884 RedHat Security Advisories: RHSA-2012:1482 http://rhn.redhat.com/errata/RHSA-2012-1482.html RedHat Security Advisories: RHSA-2012:1483 http://rhn.redhat.com/errata/RHSA-2012-1483.html http://secunia.com/advisories/51359 http://secunia.com/advisories/51360 XForce ISS Database: firefox-nstexteditorstate-code-exec(80187) https://exchange.xforce.ibmcloud.com/vulnerabilities/80187 Common Vulnerability Exposure (CVE) ID: CVE-2012-4215 BugTraq ID: 56633 http://www.securityfocus.com/bid/56633 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16690 XForce ISS Database: firefox-fireclipboard-code-exec(80188) https://exchange.xforce.ibmcloud.com/vulnerabilities/80188 Common Vulnerability Exposure (CVE) ID: CVE-2012-4216 BugTraq ID: 56634 http://www.securityfocus.com/bid/56634 Debian Security Information: DSA-2583 (Google Search) http://www.debian.org/security/2012/dsa-2583 Debian Security Information: DSA-2584 (Google Search) http://www.debian.org/security/2012/dsa-2584 Debian Security Information: DSA-2588 (Google Search) http://www.debian.org/security/2012/dsa-2588 http://osvdb.org/87609 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16902 XForce ISS Database: firefox-getfontentry-code-exec(80189) https://exchange.xforce.ibmcloud.com/vulnerabilities/80189 Common Vulnerability Exposure (CVE) ID: CVE-2012-4217 BugTraq ID: 56639 http://www.securityfocus.com/bid/56639 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16958 Common Vulnerability Exposure (CVE) ID: CVE-2012-4218 BugTraq ID: 56640 http://www.securityfocus.com/bid/56640 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16885 Common Vulnerability Exposure (CVE) ID: CVE-2012-5839 BugTraq ID: 56637 http://www.securityfocus.com/bid/56637 http://osvdb.org/87607 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16968 XForce ISS Database: firefox-gfxshapedword-bo(80196) https://exchange.xforce.ibmcloud.com/vulnerabilities/80196 Common Vulnerability Exposure (CVE) ID: CVE-2012-5840 BugTraq ID: 56635 http://www.securityfocus.com/bid/56635 http://osvdb.org/87606 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16904 XForce ISS Database: mozilla-prepareeditor-code-exec(80190) https://exchange.xforce.ibmcloud.com/vulnerabilities/80190
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.