Test ID:	1.3.6.1.4.1.25623.1.2.1.2014.28
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2014-28) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: SVG filters information disclosure through feDisplacementMap Mozilla developer Robert O'Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SVG timing attacks and could allow for text values to be read across domains, leading to information disclosure. Affected Software/OS: Firefox version(s) below 28. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1505 BugTraq ID: 66418 http://www.securityfocus.com/bid/66418 Debian Security Information: DSA-2881 (Google Search) http://www.debian.org/security/2014/dsa-2881 Debian Security Information: DSA-2911 (Google Search) http://www.debian.org/security/2014/dsa-2911 https://security.gentoo.org/glsa/201504-01 RedHat Security Advisories: RHSA-2014:0310 http://rhn.redhat.com/errata/RHSA-2014-0310.html RedHat Security Advisories: RHSA-2014:0316 http://rhn.redhat.com/errata/RHSA-2014-0316.html SuSE Security Announcement: SUSE-SU-2014:0418 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html SuSE Security Announcement: openSUSE-SU-2014:0419 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html SuSE Security Announcement: openSUSE-SU-2014:0448 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html SuSE Security Announcement: openSUSE-SU-2014:0584 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.ubuntu.com/usn/USN-2151-1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.