SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 9185)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the
following several security and non-security issues :

- Miscellaneous memory safety hazards. (MFSA 2014-34 /

- Out of bounds read while decoding JPG images. (MFSA
2014-37 / CVE-2014-1523)

- Buffer overflow when using non-XBL object as XBL. (MFSA
2014-38 / CVE-2014-1524)

- Privilege escalation through Web Notification API. (MFSA
2014-42 / CVE-2014-1529)

- Cross-site scripting (XSS) using history navigations.
(MFSA 2014-43 / CVE-2014-1530)

- Use-after-free in imgLoader while resizing images. (MFSA
2014-44 / CVE-2014-1531)

- Use-after-free in nsHostResolver Mozilla NSS has been
updated to 3.16:. (MFSA 2014-46 / CVE-2014-1532)

- required for Firefox 29

- In a wildcard certificate, the wildcard character should
not be embedded within the U-label of an
internationalized domain name. See the last bullet point
in RFC 6125, Section 7.2. (CVE-2014-1492)

- Update of root certificates.

See also :

Solution :

Apply SAT patch number 9185.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 74006 ()

Bugtraq ID:

CVE ID: CVE-2014-1492

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now