SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes
several security and non-security issues :

- Miscellaneous memory safety hazards. (MFSA 2014-34 /
CVE-2014-1518)

- Out of bounds read while decoding JPG images. (MFSA
2014-37 / CVE-2014-1523)

- Buffer overflow when using non-XBL object as XBL. (MFSA
2014-38 / CVE-2014-1524)

- Privilege escalation through Web Notification API. (MFSA
2014-42 / CVE-2014-1529)

- Cross-site scripting (XSS) using history navigations.
(MFSA 2014-43 / CVE-2014-1530)

- Use-after-free in imgLoader while resizing images. (MFSA
2014-44 / CVE-2014-1531)

- Use-after-free in nsHostResolver. (MFSA 2014-46 /
CVE-2014-1532)

Mozilla NSS has been updated to 3.16 :

- required for Firefox 29

- In a wildcard certificate, the wildcard character should
not be embedded within the U-label of an
internationalized domain name. See the last bullet point
in RFC 6125, Section 7.2. (CVE-2014-1492)

- Update of root certificates.

See also :

http://www.mozilla.org/security/announce/2014/mfsa2014-34.html
http://www.mozilla.org/security/announce/2014/mfsa2014-37.html
http://www.mozilla.org/security/announce/2014/mfsa2014-38.html
http://www.mozilla.org/security/announce/2014/mfsa2014-42.html
http://www.mozilla.org/security/announce/2014/mfsa2014-43.html
http://www.mozilla.org/security/announce/2014/mfsa2014-44.html
http://www.mozilla.org/security/announce/2014/mfsa2014-46.html
https://bugzilla.novell.com/show_bug.cgi?id=865539
https://bugzilla.novell.com/show_bug.cgi?id=869827
https://bugzilla.novell.com/show_bug.cgi?id=875378
https://bugzilla.novell.com/show_bug.cgi?id=875803
http://support.novell.com/security/cve/CVE-2014-1492.html
http://support.novell.com/security/cve/CVE-2014-1518.html
http://support.novell.com/security/cve/CVE-2014-1520.html
http://support.novell.com/security/cve/CVE-2014-1523.html
http://support.novell.com/security/cve/CVE-2014-1524.html
http://support.novell.com/security/cve/CVE-2014-1529.html
http://support.novell.com/security/cve/CVE-2014-1530.html
http://support.novell.com/security/cve/CVE-2014-1531.html
http://support.novell.com/security/cve/CVE-2014-1532.html

Solution :

Apply SAT patch number 9185.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74006

Bugtraq ID:

CVE ID: CVE-2014-1492
CVE-2014-1518
CVE-2014-1520
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
