SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8187 / 8191)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update to Firefox 17.0.8esr (bnc#833389) addresses :

- (bmo#855331, bmo#844088, bmo#858060, bmo#870200,
bmo#874974, bmo#861530, bmo#854157, bmo#893684,
bmo#878703, bmo#862185, bmo#879139, bmo#888107,
bmo#880734) Miscellaneous memory safety hazards have been
fixed (rv:23.0 / rv:17.0.8). (MFSA 2013-63 /
CVE-2013-1701 / CVE-2013-1702)

- (bmo#888314, bmo#888361) Buffer overflow in Mozilla
Maintenance Service and Mozilla Updater. (MFSA 2013-66 /
CVE-2013-1706 / CVE-2013-1707)

- (bmo#848253) Document URI misrepresentation and
masquerading. (MFSA 2013-68 / CVE-2013-1709)

- (bmo#871368) CRMF requests allow for code execution and
XSS attacks. (MFSA 2013-69 / CVE-2013-1710)

- (bmo#859072) Further privilege escalation through
Mozilla Updater. (MFSA 2013-71 / CVE-2013-1712)

- (bmo#887098) Wrong principal used for validating URI for
some JavaScript components. (MFSA 2013-72 /
CVE-2013-1713)

- (bmo#879787) Same-origin bypass with web workers and
XMLHttpRequest. (MFSA 2013-73 / CVE-2013-1714)

- (bmo#406541) Local Java applets may read contents of
local file system. (MFSA 2013-75 / CVE-2013-1717)

See also :

http://www.mozilla.org/security/announce/2013/mfsa2013-63.html
http://www.mozilla.org/security/announce/2013/mfsa2013-66.html
http://www.mozilla.org/security/announce/2013/mfsa2013-68.html
http://www.mozilla.org/security/announce/2013/mfsa2013-69.html
http://www.mozilla.org/security/announce/2013/mfsa2013-71.html
http://www.mozilla.org/security/announce/2013/mfsa2013-72.html
http://www.mozilla.org/security/announce/2013/mfsa2013-73.html
http://www.mozilla.org/security/announce/2013/mfsa2013-75.html
https://bugzilla.novell.com/show_bug.cgi?id=833389
http://support.novell.com/security/cve/CVE-2013-1701.html
http://support.novell.com/security/cve/CVE-2013-1702.html
http://support.novell.com/security/cve/CVE-2013-1706.html
http://support.novell.com/security/cve/CVE-2013-1707.html
http://support.novell.com/security/cve/CVE-2013-1709.html
http://support.novell.com/security/cve/CVE-2013-1710.html
http://support.novell.com/security/cve/CVE-2013-1712.html
http://support.novell.com/security/cve/CVE-2013-1713.html
http://support.novell.com/security/cve/CVE-2013-1714.html
http://support.novell.com/security/cve/CVE-2013-1717.html

Solution :

Apply SAT patch number 8187 / 8191 as appropriate.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
