Test ID:	1.3.6.1.4.1.25623.1.2.1.2015.12
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2015-12) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Invoking Mozilla updater will load locally stored DLL files Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run directly, the updater will load binary DLL format files from the local working directory or from the Windows temporary directories. This occurs when it is run without the Mozilla Maintenance Service on Windows systems. This allowed for possibly malicious DLL files to execute with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed. Affected Software/OS: Firefox version(s) below 36. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0833 BugTraq ID: 72747 http://www.securityfocus.com/bid/72747 https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1031791 http://www.securitytracker.com/id/1031792 SuSE Security Announcement: openSUSE-SU-2015:0567 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html SuSE Security Announcement: openSUSE-SU-2015:0570 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.