SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This update to Firefox 17.0.9esr (bnc#840485) addresses :

- User-defined properties on DOM proxies get the wrong 'this' object. (MFSA 2013-91)

-. (CVE-2013-1737)

- Memory corruption involving scrolling. (MFSA 2013-90)

- use-after-free in mozilla::layout::ScrollbarActivity. (CVE-2013-1735)

- Memory corruption in nsGfxScrollFrameInner::IsLTR(). (CVE-2013-1736)

- Buffer overflow with multi-column, lists, and floats. (MFSA 2013-89)

- buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats. (CVE-2013-1732)

- compartment mismatch re-attaching XBL-backed nodes. (MFSA 2013-88)

- compartment mismatch in nsXBLBinding::DoInitJSClass. (CVE-2013-1730)

- Mozilla Updater does not lock MAR file after signature verification. (MFSA 2013-83)

- MAR signature bypass in Updater could lead to downgrade. (CVE-2013-1726)

- Calling scope for new JavaScript objects can lead to memory corruption. (MFSA 2013-82)

- ABORT: bad scope for new JSObjects: ReparentWrapper / document.open. (CVE-2013-1725)

- Use-after-free in Animation Manager during stylesheet cloning. (MFSA 2013-79)

- Heap-use-after-free in nsAnimationManager::BuildAnimations. (CVE-2013-1722)

- Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9). (MFSA 2013-76)

- Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0. (CVE-2013-1718)

- Buffer underflow when generating CRMF requests. (MFSA 2013-65)

- ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type. (CVE-2013-1705)

See also :

http://www.mozilla.org/security/announce/2013/mfsa2013-65.html
http://www.mozilla.org/security/announce/2013/mfsa2013-76.html
http://www.mozilla.org/security/announce/2013/mfsa2013-79.html
http://www.mozilla.org/security/announce/2013/mfsa2013-82.html
http://www.mozilla.org/security/announce/2013/mfsa2013-83.html
http://www.mozilla.org/security/announce/2013/mfsa2013-88.html
http://www.mozilla.org/security/announce/2013/mfsa2013-89.html
http://www.mozilla.org/security/announce/2013/mfsa2013-90.html
http://www.mozilla.org/security/announce/2013/mfsa2013-91.html
https://bugzilla.novell.com/show_bug.cgi?id=840485
http://support.novell.com/security/cve/CVE-2013-1705.html
http://support.novell.com/security/cve/CVE-2013-1718.html
http://support.novell.com/security/cve/CVE-2013-1722.html
http://support.novell.com/security/cve/CVE-2013-1725.html
http://support.novell.com/security/cve/CVE-2013-1726.html
http://support.novell.com/security/cve/CVE-2013-1730.html
http://support.novell.com/security/cve/CVE-2013-1732.html
http://support.novell.com/security/cve/CVE-2013-1735.html
http://support.novell.com/security/cve/CVE-2013-1736.html
http://support.novell.com/security/cve/CVE-2013-1737.html

Solution :

Apply SAT patch number 8344 / 8346 as appropriate.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
