Fedora 16 : firefox-9.0-3.fc16 / nss-3.13.1-9.fc16 / nss-softokn-3.13.1-14.fc16 / etc (2011-17400)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

The latest versions of Firefox and Thunderbird have the following
changes :

- Added Type Inference, significantly improving JavaScript
performance

- Added support for querying Do Not Track status via
JavaScript

- Added support for font-stretch

- Improved support for text-overflow

- Improved standards support for HTML5, MathML, and CSS

- Fixed several stability issues

- Fixed several security issues

Update nss to 3.13.1

You can find the new features and bug fixes in NSS 3.13 and 3.13.1
with these Bugzilla queries :

https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13&product=NSS

and

https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13.1&product=NSS

Notable changes include :

1. SSL 2.0 is disabled by default.

2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext
attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by
default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable
it.

3. SHA-224 is supported.

4. Added PORT_ErrorToString and PORT_ErrorToName to return the error
message and symbolic name of an NSS error code.

5. Added NSS_GetVersion to return the NSS version string.

6. Added experimental support for RSA-PSS to the softoken only
(contributed by Hanno Böck, http://rsapss.hboeck.de/).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://rsapss.hboeck.de/
http://www.nessus.org/u?c50d6ac0
http://www.nessus.org/u?132ae2a7
http://www.nessus.org/u?1fa18268
http://www.nessus.org/u?92f4593c
http://www.nessus.org/u?a6791be1
http://www.nessus.org/u?05d0db8f
http://www.nessus.org/u?b974e724
http://www.nessus.org/u?af682fa6
http://www.nessus.org/u?01c5fc18

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 57389

Bugtraq ID: 51133
51134
51135
51136
51137
51138
51139

CVE ID:
