SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)

critical Nessus Plugin ID 70189

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update to Firefox 17.0.9esr (bnc#840485) addresses :

- User-defined properties on DOM proxies get the wrong 'this' object. (MFSA 2013-91)

-. (CVE-2013-1737)

- Memory corruption involving scrolling. (MFSA 2013-90)

- use-after-free in mozilla::layout::ScrollbarActivity.
(CVE-2013-1735)

- Memory corruption in nsGfxScrollFrameInner::IsLTR().
(CVE-2013-1736)

- Buffer overflow with multi-column, lists, and floats.
(MFSA 2013-89)

- buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats. (CVE-2013-1732)

- compartment mismatch re-attaching XBL-backed nodes.
(MFSA 2013-88)

- compartment mismatch in nsXBLBinding::DoInitJSClass.
(CVE-2013-1730)

- Mozilla Updater does not lock MAR file after signature verification. (MFSA 2013-83)

- MAR signature bypass in Updater could lead to downgrade.
(CVE-2013-1726)

- Calling scope for new JavaScript objects can lead to memory corruption. (MFSA 2013-82)

- ABORT: bad scope for new JSObjects: ReparentWrapper / document.open. (CVE-2013-1725)

- Use-after-free in Animation Manager during stylesheet cloning. (MFSA 2013-79)

- Heap-use-after-free in nsAnimationManager::BuildAnimations. (CVE-2013-1722)

- Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9). (MFSA 2013-76)

- Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0. (CVE-2013-1718)

- Buffer underflow when generating CRMF requests. (MFSA 2013-65)

- ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)

Solution

Apply SAT patch number 8344 / 8346 as appropriate.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-65.html

http://www.mozilla.org/security/announce/2013/mfsa2013-76.html

http://www.mozilla.org/security/announce/2013/mfsa2013-79.html

http://www.mozilla.org/security/announce/2013/mfsa2013-82.html

http://www.mozilla.org/security/announce/2013/mfsa2013-83.html

http://www.mozilla.org/security/announce/2013/mfsa2013-88.html

http://www.mozilla.org/security/announce/2013/mfsa2013-89.html

http://www.mozilla.org/security/announce/2013/mfsa2013-90.html

http://www.mozilla.org/security/announce/2013/mfsa2013-91.html

https://bugzilla.novell.com/show_bug.cgi?id=840485

http://support.novell.com/security/cve/CVE-2013-1705.html

http://support.novell.com/security/cve/CVE-2013-1718.html

http://support.novell.com/security/cve/CVE-2013-1722.html

http://support.novell.com/security/cve/CVE-2013-1725.html

http://support.novell.com/security/cve/CVE-2013-1726.html

http://support.novell.com/security/cve/CVE-2013-1730.html

http://support.novell.com/security/cve/CVE-2013-1732.html

http://support.novell.com/security/cve/CVE-2013-1735.html

http://support.novell.com/security/cve/CVE-2013-1736.html

http://support.novell.com/security/cve/CVE-2013-1737.html

Plugin Details

Severity: Critical

ID: 70189

File Name: suse_11_MozillaFirefox-130919.nasl

Version: 1.9

Type: local

Agent: unix

Published: 9/28/2013

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:MozillaFirefox, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/19/2013

Reference Information

CVE: CVE-2013-1705, CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1726, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737