SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8187 / 8191)

Critical Nessus Plugin ID 69344


The remote SuSE 11 host is missing one or more security updates.


This update to Firefox 17.0.8esr (bnc#833389) addresses:

- (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards have been fixed (rv:23.0 / rv:17.0.8). (MFSA 2013-63 / CVE-2013-1701 / CVE-2013-1702)

- (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater. (MFSA 2013-66 / CVE-2013-1706 / CVE-2013-1707)

- (bmo#848253) Document URI misrepresentation and masquerading. (MFSA 2013-68 / CVE-2013-1709)

- (bmo#871368) CRMF requests allow for code execution and XSS attacks. (MFSA 2013-69 / CVE-2013-1710)

- (bmo#859072) Further privilege escalation through Mozilla Updater. (MFSA 2013-71 / CVE-2013-1712)

- (bmo#887098) Wrong principal used for validating URI for some JavaScript components. (MFSA 2013-72 / CVE-2013-1713)

- (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest. (MFSA 2013-73 / CVE-2013-1714)

- (bmo#406541) Local Java applets may read contents of local file system. (MFSA 2013-75 / CVE-2013-1717)


Apply SAT patch number 8187 / 8191 as appropriate.

Plugin Details

Severity: Critical

ID: 69344

File Name: suse_11_MozillaFirefox-130810.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2013/08/14

Modified: 2014/08/16

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:MozillaFirefox, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/08/10

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1706, CVE-2013-1707, CVE-2013-1709, CVE-2013-1710, CVE-2013-1712, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717