This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6,
fixes security issues and bugs. The following vulnerabilities advised
upstream under MFSA 2017-22 (boo#1060445) were fixed :
- CVE-2017-7793: Use-after-free with Fetch API
- CVE-2017-7818: Use-after-free during ARIA array
- CVE-2017-7819: Use-after-free while resizing images in
- CVE-2017-7824: Buffer overflow when drawing and
validating elements with ANGLE
- CVE-2017-7814: Blob and data URLs bypass phishing and
malware protection warnings
- CVE-2017-7823: CSP sandbox directive did not create a
- CVE-2017-7810: Memory safety bugs fixed in Firefox 56
and Firefox ESR 52.4 The following security issue was
fixed in Mozilla NSS 3.28.6 :
- CVE-2017-7805: Use-after-free in TLS 1.2 generating
handshake hashes (bsc#1061005)
The following bug was fixed :
- boo#1029917: language accept header use incorrect locale
For compatibility reasons, java-1_8_0-openjdk was rebuilt to the
updated version of NSS.
See also :
Update the affected Mozilla Firefox and NSS packages.
Risk factor :
Family: SuSE Local Security Checks
Nessus Plugin ID: 103621 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now