SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)

Critical Nessus Plugin ID 72554


The remote SuSE 11 host is missing one or more security updates.


This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed:

- Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01)

- Using XBL scopes, it's possible to steal (clone) native anonymous content (CVE-2014-1479)(bnc#862348). (MFSA 2014-02)

- Download 'open file' dialog delay is too quick, doesn't prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03)

- Image decoding causing Firefox to crash with Goo Create (CVE-2014-1482)(bnc#862356). (MFSA 2014-04)

- caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360). (MFSA 2014-05)

- Fennec leaks profile path to logcat. (CVE-2014-1484). (MFSA 2014-06)

- CSP should block XSLT as script, not as style. (CVE-2014-1485). (MFSA 2014-07)

- imgRequestProxy Use-After-Free Remote Code Execution Vulnerability. (CVE-2014-1486). (MFSA 2014-08)

- Cross-origin information disclosure with error message of Web Workers. (CVE-2014-1487). (MFSA 2014-09)

- settings & history ID bug. (CVE-2014-1489). (MFSA 2014-10)

- Firefox reproducibly crashes when using asm.js code in workers and transferable objects. (CVE-2014-1488). (MFSA 2014-11)

- TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300). Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289). (MFSA 2014-12)

- Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309). (MFSA 2014-13)


Apply SAT patch number 8879.

Plugin Details

Severity: Critical

ID: 72554

File Name: suse_11_firefox-201402-140207.nasl

Version: $Revision: 1.7 $

Type: local

Agent: unix

Published: 2014/02/18

Modified: 2014/03/22

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:MozillaFirefox, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations, p-cpe:/a:novell:suse_linux:11:libfreebl3, p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit, p-cpe:/a:novell:suse_linux:11:libsoftokn3, p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss, p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2014/02/07

Reference Information

CVE: CVE-2014-1477, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1484, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491