openSUSE Security Update : MozillaFirefox (openSUSE-SU-2015:0077-2)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

MozillaFirefox was updated to version 35.0 (bnc#910669)

Notable features :

- Firefox Hello with new rooms-based conversations model

- Implemented HTTP Public Key Pinning Extension (for
enhanced authentication of encrypted connections)

Security fixes :

- MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous
memory safety hazards

- MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized
memory use during bitmap rendering

- MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon
requests lack an Origin header

- MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie
injection through Proxy Authenticate responses

- MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of
uninitialized memory in Web Audio

- MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free
in WebRTC

- MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape

- MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP
responder certificates failure with id-pkix-ocsp-nocheck
extension

- MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper
bypass through DOM objects

- obsolete tracker-miner-firefox < 0.15 because it leads
to startup crashes (bnc#908892)

See also :

http://lists.opensuse.org/opensuse-updates/2015-01/msg00039.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00042.html
https://bugzilla.opensuse.org/show_bug.cgi?id=908892
https://bugzilla.opensuse.org/show_bug.cgi?id=910669

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now