openSUSE Security Update : xulrunner (openSUSE-SU-2013:0929-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Mozilla xulrunner was updated to 17.0.6esr (bnc#819204)

- MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous
memory safety hazards

- MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged
access for content level constructor

- MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free
with video and onresize event

- MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized
functions in DOMSVGZoomEvent

- MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory
corruption found using Address Sanitizer

See also :

http://lists.opensuse.org/opensuse-updates/2013-05/msg00035.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00066.html
https://bugzilla.novell.com/show_bug.cgi?id=819204

Solution :

Update the affected xulrunner packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now