Detections
Analytics

SuSE 11.2 / 11.3 Security Update : Mozilla Firefox (SAT Patch Numbers 8344 / 8346)

critical Nessus Plugin ID 70189

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update to Firefox 17.0.9esr (bnc#840485) addresses :

 - User-defined properties on DOM proxies get the wrong 'this' object. (MFSA 2013-91)

 -. (CVE-2013-1737)

 - Memory corruption involving scrolling. (MFSA 2013-90)

 - use-after-free in mozilla::layout::ScrollbarActivity.
 (CVE-2013-1735)

 - Memory corruption in nsGfxScrollFrameInner::IsLTR().
 (CVE-2013-1736)

 - Buffer overflow with multi-column, lists, and floats.
 (MFSA 2013-89)

 - buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats. (CVE-2013-1732)

 - compartment mismatch re-attaching XBL-backed nodes.
 (MFSA 2013-88)

 - compartment mismatch in nsXBLBinding::DoInitJSClass.
 (CVE-2013-1730)

 - Mozilla Updater does not lock MAR file after signature verification. (MFSA 2013-83)

 - MAR signature bypass in Updater could lead to downgrade.
 (CVE-2013-1726)

 - Calling scope for new JavaScript objects can lead to memory corruption. (MFSA 2013-82)

 - ABORT: bad scope for new JSObjects: ReparentWrapper / document.open. (CVE-2013-1725)

 - Use-after-free in Animation Manager during stylesheet cloning. (MFSA 2013-79)

 - Heap-use-after-free in nsAnimationManager::BuildAnimations. (CVE-2013-1722)

 - Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9). (MFSA 2013-76)

 - Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0. (CVE-2013-1718)

 - Buffer underflow when generating CRMF requests. (MFSA 2013-65)

 - ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)

Solution

Apply SAT patch number 8344 / 8346 as appropriate.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-65.html

http://www.mozilla.org/security/announce/2013/mfsa2013-76.html

http://www.mozilla.org/security/announce/2013/mfsa2013-79.html

http://www.mozilla.org/security/announce/2013/mfsa2013-82.html

http://www.mozilla.org/security/announce/2013/mfsa2013-83.html

http://www.mozilla.org/security/announce/2013/mfsa2013-88.html

http://www.mozilla.org/security/announce/2013/mfsa2013-89.html

http://www.mozilla.org/security/announce/2013/mfsa2013-90.html

http://www.mozilla.org/security/announce/2013/mfsa2013-91.html

https://bugzilla.novell.com/show_bug.cgi?id=840485

http://support.novell.com/security/cve/CVE-2013-1705.html

http://support.novell.com/security/cve/CVE-2013-1718.html

http://support.novell.com/security/cve/CVE-2013-1722.html

http://support.novell.com/security/cve/CVE-2013-1725.html

http://support.novell.com/security/cve/CVE-2013-1726.html

http://support.novell.com/security/cve/CVE-2013-1730.html

http://support.novell.com/security/cve/CVE-2013-1732.html

http://support.novell.com/security/cve/CVE-2013-1735.html

http://support.novell.com/security/cve/CVE-2013-1736.html

http://support.novell.com/security/cve/CVE-2013-1737.html

Plugin Details

Severity: Critical

ID: 70189

File Name: suse_11_MozillaFirefox-130919.nasl

Version: 1.9

Type: local

Agent: unix

Published: 9/28/2013

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:mozillafirefox, p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/19/2013

Reference Information

CVE: CVE-2013-1705, CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1726, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737