openSUSE Security Update : Mozilla Firefox (openSUSE-2016-131)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following security related issues by updating
packages to a more recent version :

Update of NSPR to 4.11 Update of NSS to 3.21 Update of Firefox to 44.0

- MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous
memory safety hazards

- MFSA 2016-02/CVE-2016-1933 (bmo#1231761) Out of Memory
crash when parsing GIF format images

- MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow
in WebGL after out of memory allocation

- MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423,
bmo#1233784) Firefox allows for control characters to be
set in cookie names

- MFSA 2016-06/CVE-2016-1937 (bmo#724353) Missing delay
following user click events in protocol handler dialog

- MFSA 2016-07/CVE-2016-1938 (bmo#1190248) Errors in
mp_div and mp_exptmod cryptographic functions in NSS
(fixed by requiring NSS 3.21)

- MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082,
bmo#1228590) Addressbar spoofing attacks

- MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
(bmo#1186621, bmo#1214782, bmo#1232096) Unsafe memory
manipulation found through code inspection

- MFSA 2016-11/CVE-2016-1947 (bmo#1237103) Application
Reputation service disabled in Firefox 43

Solution :

Update the affected Mozilla Firefox packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now