Detections
Analytics

SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)

critical Nessus Plugin ID 74006

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues :

 - Miscellaneous memory safety hazards. (MFSA 2014-34 / CVE-2014-1518)

 - Out of bounds read while decoding JPG images. (MFSA 2014-37 / CVE-2014-1523)

 - Buffer overflow when using non-XBL object as XBL. (MFSA 2014-38 / CVE-2014-1524)

 - Privilege escalation through Web Notification API. (MFSA 2014-42 / CVE-2014-1529)

 - Cross-site scripting (XSS) using history navigations.
 (MFSA 2014-43 / CVE-2014-1530)

 - Use-after-free in imgLoader while resizing images. (MFSA 2014-44 / CVE-2014-1531)

 - Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16:. (MFSA 2014-46 / CVE-2014-1532)

 - required for Firefox 29

 - In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. (CVE-2014-1492)

 - Update of root certificates.

Solution

Apply SAT patch number 9185.

See Also

http://www.mozilla.org/security/announce/2014/mfsa2014-34.html

http://www.mozilla.org/security/announce/2014/mfsa2014-37.html

http://www.mozilla.org/security/announce/2014/mfsa2014-38.html

http://www.mozilla.org/security/announce/2014/mfsa2014-42.html

http://www.mozilla.org/security/announce/2014/mfsa2014-43.html

http://www.mozilla.org/security/announce/2014/mfsa2014-44.html

http://www.mozilla.org/security/announce/2014/mfsa2014-46.html

https://bugzilla.novell.com/show_bug.cgi?id=865539

https://bugzilla.novell.com/show_bug.cgi?id=869827

https://bugzilla.novell.com/show_bug.cgi?id=875378

https://bugzilla.novell.com/show_bug.cgi?id=875803

http://support.novell.com/security/cve/CVE-2014-1492.html

http://support.novell.com/security/cve/CVE-2014-1518.html

http://support.novell.com/security/cve/CVE-2014-1520.html

http://support.novell.com/security/cve/CVE-2014-1523.html

http://support.novell.com/security/cve/CVE-2014-1524.html

http://support.novell.com/security/cve/CVE-2014-1529.html

http://support.novell.com/security/cve/CVE-2014-1530.html

http://support.novell.com/security/cve/CVE-2014-1531.html

http://support.novell.com/security/cve/CVE-2014-1532.html

Plugin Details

Severity: Critical

ID: 74006

File Name: suse_11_MozillaFirefox-201404-140501.nasl

Version: 1.6

Type: local

Agent: unix

Published: 5/14/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:mozillafirefox, p-cpe:/a:novell:suse_linux:11:mozillafirefox-branding-sled, p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations, p-cpe:/a:novell:suse_linux:11:libfreebl3, p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit, p-cpe:/a:novell:suse_linux:11:libsoftokn3, p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nspr, p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss, p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/1/2014

Reference Information

CVE: CVE-2014-1492, CVE-2014-1518, CVE-2014-1520, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532