Test ID:	1.3.6.1.4.1.25623.1.2.1.2015.15
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2015-15) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: TLS TURN and STUN connections silently fail to simple TCP connections Security researcher Alexander Kolesnik reported while the Mozilla platform does not yet support TLS connections to TURN and STUN servers, the WebRTC implementation would accept turns: and stuns: URIs and then attempt plaintext connections to the servers when these were used. This can lead to disclosure of credentials through a Man-in-the-middle (MITM) attack as the connection is not encrypted. Affected Software/OS: Firefox version(s) below 36. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0834 BugTraq ID: 72743 http://www.securityfocus.com/bid/72743 https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1031791 SuSE Security Announcement: openSUSE-SU-2015:0404 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:0570 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.ubuntu.com/usn/USN-2505-1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.