openSUSE Security Update : MozillaFirefox (openSUSE-2017-921)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Mozilla Firefox 52.3esr fixes a number of security
issues.

The following vulnerabilities were advised upstream under MFSA 2017-19
(boo#1052829) :

- CVE-2017-7798: XUL injection in the style editor in
devtools

- CVE-2017-7800: Use-after-free in WebSockets during
disconnection

- CVE-2017-7801: Use-after-free with marquee during window
resizing

- CVE-2017-7784: Use-after-free with image observers

- CVE-2017-7802: Use-after-free resizing image elements

- CVE-2017-7785: Buffer overflow manipulating ARIA
attributes in DOM

- CVE-2017-7786: Buffer overflow while painting
non-displayable SVG

- CVE-2017-7753: Out-of-bounds read with cached style data
and pseudo-elements

- CVE-2017-7787: Same-origin policy bypass with iframes
through page reloads

- CVE-2017-7807: Domain hijacking through AppCache
fallback

- CVE-2017-7792: Buffer overflow viewing certificates with
an extremely long OID

- CVE-2017-7804: Memory protection bypass through
WindowsDllDetourPatcher

- CVE-2017-7791: Spoofing following page navigation with
data: protocol and modal alerts

- CVE-2017-7782: WindowsDllDetourPatcher allocates memory
without DEP protections

- CVE-2017-7803: CSP containing 'sandbox' improperly
applied

- CVE-2017-7779: Memory safety bugs fixed in Firefox 55
and Firefox ESR 52.3

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1052829

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High
