openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6,
fixes security issues and bugs. The following vulnerabilities advised
upstream under MFSA 2017-22 (boo#1060445) were fixed :

- CVE-2017-7793: Use-after-free with Fetch API

- CVE-2017-7818: Use-after-free during ARIA array
manipulation

- CVE-2017-7819: Use-after-free while resizing images in
design mode

- CVE-2017-7824: Buffer overflow when drawing and
validating elements with ANGLE

- CVE-2017-7814: Blob and data URLs bypass phishing and
malware protection warnings

- CVE-2017-7823: CSP sandbox directive did not create a
unique origin

- CVE-2017-7810: Memory safety bugs fixed in Firefox 56
and Firefox ESR 52.4

The following security issue was fixed in Mozilla NSS 3.28.6 :

- CVE-2017-7805: Use-after-free in TLS 1.2 generating
handshake hashes (bsc#1061005)

The following bug was fixed :

- boo#1029917: language accept header uses incorrect locale

For compatibility reasons, java-1_8_0-openjdk was rebuilt against the
updated version of NSS.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1060445
https://bugzilla.opensuse.org/show_bug.cgi?id=1061005

Solution :

Update the affected Mozilla Firefox and NSS packages.

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 103621

CVE ID: CVE-2017-7793
CVE-2017-7805
CVE-2017-7810
CVE-2017-7814
CVE-2017-7818
CVE-2017-7819
CVE-2017-7823
CVE-2017-7824
