This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
Mozilla Firefox was updated to Firefox 52.1.0esr.
The following vulnerabilities were fixed (bsc#1035082) :
- CVE-2017-5443: Out-of-bounds write during BinHex
- CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
Firefox ESR 45.9, and Firefox ESR 52.1
- CVE-2017-5464: Memory corruption with accessibility and
- CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- CVE-2017-5466: Origin confusion when reloading isolated
- CVE-2017-5467: Memory corruption when drawing Skia
- CVE-2017-5460: Use-after-free in frame selection
- CVE-2017-5461: Out-of-bounds write in Base64 encoding in
- CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- CVE-2017-5449: Crash during bidirectional unicode
manipulation with animation
- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA
frames are sent with incorrect data
- CVE-2017-5447: Out-of-bounds read during glyph
- CVE-2017-5444: Buffer overflow while parsing
The package is now following the ESR 52 branch :
- Enable plugin support by default
- service workers are disabled by default
- push notifications are disabled by default
- WebAssembly (wasm) is disabled
- Less use of multiprocess architecture Electrolysis
See also :
Update the affected Mozilla Firefox packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: SuSE Local Security Checks
Nessus Plugin ID: 99649 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now