SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This updates the Mozilla Firefox browser to the 24.3.0ESR security
release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed :

- Memory safety bugs fixed in Firefox ESR 24.3 and Firefox
27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01)

- Using XBL scopes it's possible to steal (clone) native
anonymous content (CVE-2014-1479)(bnc#862348). (MFSA
2014-02)

- Download 'open file' dialog delay is too quick, doesn't
prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03)

- Image decoding causing Firefox to crash with Goo Create
(CVE-2014-1482)(bnc#862356). (MFSA 2014-04)

- caretPositionFromPoint and elementFromPoint leak
information about iframe contents via timing information
(CVE-2014-1483)(bnc#862360). (MFSA 2014-05)

- Fennec leaks profile path to logcat. (CVE-2014-1484).
(MFSA 2014-06)

- CSP should block XSLT as script, not as style.
(CVE-2014-1485). (MFSA 2014-07)

- imgRequestProxy Use-After-Free Remote Code Execution
Vulnerability. (CVE-2014-1486). (MFSA 2014-08)

- Cross-origin information disclosure with error message
of Web Workers. (CVE-2014-1487). (MFSA 2014-09)

- settings & history ID bug. (CVE-2014-1489). (MFSA
2014-10)

- Firefox reproducibly crashes when using asm.js code in
workers and transferable objects. (CVE-2014-1488). (MFSA
2014-11)

- TOCTOU, potential use-after-free in libssl's session
ticket processing (CVE-2014-1490)(bnc#862300). Do not
allow p-1 as a public DH value
(CVE-2014-1491)(bnc#862289). (MFSA 2014-12)

- Inconsistent this value when invoking getters on window
(CVE-2014-1481)(bnc#862309). (MFSA 2014-13)

See also :

http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
http://www.mozilla.org/security/announce/2014/mfsa2014-02.html
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html
http://www.mozilla.org/security/announce/2014/mfsa2014-04.html
http://www.mozilla.org/security/announce/2014/mfsa2014-05.html
http://www.mozilla.org/security/announce/2014/mfsa2014-06.html
http://www.mozilla.org/security/announce/2014/mfsa2014-07.html
http://www.mozilla.org/security/announce/2014/mfsa2014-08.html
http://www.mozilla.org/security/announce/2014/mfsa2014-09.html
http://www.mozilla.org/security/announce/2014/mfsa2014-10.html
http://www.mozilla.org/security/announce/2014/mfsa2014-11.html
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
http://www.mozilla.org/security/announce/2014/mfsa2014-13.html
https://bugzilla.novell.com/show_bug.cgi?id=859055
https://bugzilla.novell.com/show_bug.cgi?id=861847
http://support.novell.com/security/cve/CVE-2014-1477.html
http://support.novell.com/security/cve/CVE-2014-1479.html
http://support.novell.com/security/cve/CVE-2014-1480.html
http://support.novell.com/security/cve/CVE-2014-1481.html
http://support.novell.com/security/cve/CVE-2014-1482.html
http://support.novell.com/security/cve/CVE-2014-1483.html
http://support.novell.com/security/cve/CVE-2014-1484.html
http://support.novell.com/security/cve/CVE-2014-1485.html
http://support.novell.com/security/cve/CVE-2014-1486.html
http://support.novell.com/security/cve/CVE-2014-1487.html
http://support.novell.com/security/cve/CVE-2014-1488.html
http://support.novell.com/security/cve/CVE-2014-1489.html
http://support.novell.com/security/cve/CVE-2014-1490.html
http://support.novell.com/security/cve/CVE-2014-1491.html

Solution :

Apply SAT patch number 8879.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
