SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8187 / 8191)

critical Nessus Plugin ID 69344

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update to Firefox 17.0.8esr (bnc#833389) addresses:

- (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards have been fixed (rv:23.0 / rv:17.0.8). (MFSA 2013-63 / CVE-2013-1701 / CVE-2013-1702)

- (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater. (MFSA 2013-66 / CVE-2013-1706 / CVE-2013-1707)

- (bmo#848253) Document URI misrepresentation and masquerading. (MFSA 2013-68 / CVE-2013-1709)

- (bmo#871368) CRMF requests allow for code execution and XSS attacks. (MFSA 2013-69 / CVE-2013-1710)

- (bmo#859072) Further privilege escalation through Mozilla Updater. (MFSA 2013-71 / CVE-2013-1712)

- (bmo#887098) Wrong principal used for validating URI for some JavaScript components. (MFSA 2013-72 / CVE-2013-1713)

- (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest. (MFSA 2013-73 / CVE-2013-1714)

- (bmo#406541) Local Java applets may read contents of local file system. (MFSA 2013-75 / CVE-2013-1717)

Solution

Apply SAT patch number 8187 / 8191 as appropriate.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-63.html

http://www.mozilla.org/security/announce/2013/mfsa2013-66.html

http://www.mozilla.org/security/announce/2013/mfsa2013-68.html

http://www.mozilla.org/security/announce/2013/mfsa2013-69.html

http://www.mozilla.org/security/announce/2013/mfsa2013-71.html

http://www.mozilla.org/security/announce/2013/mfsa2013-72.html

http://www.mozilla.org/security/announce/2013/mfsa2013-73.html

http://www.mozilla.org/security/announce/2013/mfsa2013-75.html

https://bugzilla.novell.com/show_bug.cgi?id=833389

http://support.novell.com/security/cve/CVE-2013-1701.html

http://support.novell.com/security/cve/CVE-2013-1702.html

http://support.novell.com/security/cve/CVE-2013-1706.html

http://support.novell.com/security/cve/CVE-2013-1707.html

http://support.novell.com/security/cve/CVE-2013-1709.html

http://support.novell.com/security/cve/CVE-2013-1710.html

http://support.novell.com/security/cve/CVE-2013-1712.html

http://support.novell.com/security/cve/CVE-2013-1713.html

http://support.novell.com/security/cve/CVE-2013-1714.html

http://support.novell.com/security/cve/CVE-2013-1717.html

Plugin Details

Severity: Critical

ID: 69344

File Name: suse_11_MozillaFirefox-130810.nasl

Version: 1.11

Type: local

Agent: unix

Published: 8/14/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:mozillafirefox, p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/10/2013

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717