Detections
Analytics
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2023:0763-1)
high Nessus Plugin ID 172645
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0763-1 advisory.Update to version 102.9.0 ESR (bsc#1209173):
- CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
- CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
- CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
- CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
- CVE-2023-25751: Incorrect code generation during JIT compilation
- CVE-2023-28160: Redirect to Web Extension files may have leaked local path
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
- CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
- CVE-2023-28162: Invalid downcast in Worklets
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
- CVE-2023-28163: Windows Save As dialog resolved environment variables
- CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
- CVE-2023-28177: Memory safety bugs fixed in Firefox 111
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected MozillaFirefox, MozillaFirefox-devel and / or MozillaFirefox-translations-common packages.See Also
https://bugzilla.suse.com/1209173
https://www.suse.com/security/cve/CVE-2023-25748
https://www.suse.com/security/cve/CVE-2023-25749
https://www.suse.com/security/cve/CVE-2023-25750
https://www.suse.com/security/cve/CVE-2023-25751
https://www.suse.com/security/cve/CVE-2023-25752
https://www.suse.com/security/cve/CVE-2023-28159
https://www.suse.com/security/cve/CVE-2023-28160
https://www.suse.com/security/cve/CVE-2023-28161
https://www.suse.com/security/cve/CVE-2023-28162
https://www.suse.com/security/cve/CVE-2023-28163
https://www.suse.com/security/cve/CVE-2023-28164
https://www.suse.com/security/cve/CVE-2023-28176
Plugin Details
Severity: High
ID: 172645
File Name: suse_SU-2023-0763-1.nasl
Version: 1.5
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/17/2023
Updated: 6/26/2026
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-28177
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:mozillafirefox-devel, p-cpe:/a:novell:suse_linux:mozillafirefox-translations-common, p-cpe:/a:novell:suse_linux:mozillafirefox
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/16/2023
Vulnerability Publication Date: 3/14/2023
Reference Information
CVE: CVE-2023-25748, CVE-2023-25749, CVE-2023-25750, CVE-2023-25751, CVE-2023-25752, CVE-2023-28159, CVE-2023-28160, CVE-2023-28161, CVE-2023-28162, CVE-2023-28163, CVE-2023-28164, CVE-2023-28176, CVE-2023-28177
IAVA: 2023-A-0132-S
SuSE: SUSE-SU-2023:0763-1