SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This updates the Mozilla Firefox browser to the 24.3.0ESR security
release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed :

- Memory safety bugs fixed in Firefox ESR 24.3 and Firefox
27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01)

- Using XBL scopes it's possible to steal (clone) native
anonymous content (CVE-2014-1479)(bnc#862348). (MFSA

- Download 'open file' dialog delay is too quick, doesn't
prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03)

- Image decoding causing Firefox to crash with Goo Create
(CVE-2014-1482)(bnc#862356). (MFSA 2014-04)

- caretPositionFromPoint and elementFromPoint leak
information about iframe contents via timing information
(CVE-2014-1483)(bnc#862360). (MFSA 2014-05)

- Fennec leaks profile path to logcat. (CVE-2014-1484).
(MFSA 2014-06)

- CSP should block XSLT as script, not as style.
(CVE-2014-1485). (MFSA 2014-07)

- imgRequestProxy Use-After-Free Remote Code Execution
Vulnerability. (CVE-2014-1486). (MFSA 2014-08)

- Cross-origin information disclosure with error message
of Web Workers. (CVE-2014-1487). (MFSA 2014-09)

- settings & history ID bug. (CVE-2014-1489). (MFSA

- Firefox reproducibly crashes when using asm.js code in
workers and transferable objects. (CVE-2014-1488). (MFSA

- TOCTOU, potential use-after-free in libssl's session
ticket processing (CVE-2014-1490)(bnc#862300). Do not
allow p-1 as a public DH value
(CVE-2014-1491)(bnc#862289). (MFSA 2014-12)

- Inconsistent this value when invoking getters on window
(CVE-2014-1481)(bnc#862309). (MFSA 2014-13)

Solution :

Apply SAT patch number 8879.

Risk factor :

Critical / CVSS Base Score : 10.0
