SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 8879)

critical Nessus Plugin ID 72554
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed :

- Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01)

- Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348). (MFSA 2014-02)

- Download 'open file' dialog delay is too quick, doesn't prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03)

- Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356). (MFSA 2014-04)

- caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360). (MFSA 2014-05)

- Fennec leaks profile path to logcat. (CVE-2014-1484).
(MFSA 2014-06)

- CSP should block XSLT as script, not as style.
(CVE-2014-1485). (MFSA 2014-07)

- imgRequestProxy Use-After-Free Remote Code Execution Vulnerability. (CVE-2014-1486). (MFSA 2014-08)

- Cross-origin information disclosure with error message of Web Workers. (CVE-2014-1487). (MFSA 2014-09)

- settings & history ID bug. (CVE-2014-1489). (MFSA 2014-10)

- Firefox reproducibly crashes when using asm.js code in workers and transferable objects. (CVE-2014-1488). (MFSA 2014-11)

- TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289). (MFSA 2014-12)

- Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309). (MFSA 2014-13)

Solution

Apply SAT patch number 8879.

See Also

http://www.mozilla.org/security/announce/2014/mfsa2014-01.html

http://www.mozilla.org/security/announce/2014/mfsa2014-02.html

http://www.mozilla.org/security/announce/2014/mfsa2014-03.html

http://www.mozilla.org/security/announce/2014/mfsa2014-04.html

http://www.mozilla.org/security/announce/2014/mfsa2014-05.html

http://www.mozilla.org/security/announce/2014/mfsa2014-06.html

http://www.mozilla.org/security/announce/2014/mfsa2014-07.html

http://www.mozilla.org/security/announce/2014/mfsa2014-08.html

http://www.mozilla.org/security/announce/2014/mfsa2014-09.html

http://www.mozilla.org/security/announce/2014/mfsa2014-10.html

http://www.mozilla.org/security/announce/2014/mfsa2014-11.html

http://www.mozilla.org/security/announce/2014/mfsa2014-12.html

http://www.mozilla.org/security/announce/2014/mfsa2014-13.html

https://bugzilla.novell.com/show_bug.cgi?id=859055

https://bugzilla.novell.com/show_bug.cgi?id=861847

http://support.novell.com/security/cve/CVE-2014-1477.html

http://support.novell.com/security/cve/CVE-2014-1479.html

http://support.novell.com/security/cve/CVE-2014-1480.html

http://support.novell.com/security/cve/CVE-2014-1481.html

http://support.novell.com/security/cve/CVE-2014-1482.html

http://support.novell.com/security/cve/CVE-2014-1483.html

http://support.novell.com/security/cve/CVE-2014-1484.html

http://support.novell.com/security/cve/CVE-2014-1485.html

http://support.novell.com/security/cve/CVE-2014-1486.html

http://support.novell.com/security/cve/CVE-2014-1487.html

http://support.novell.com/security/cve/CVE-2014-1488.html

http://support.novell.com/security/cve/CVE-2014-1489.html

http://support.novell.com/security/cve/CVE-2014-1490.html

http://support.novell.com/security/cve/CVE-2014-1491.html

Plugin Details

Severity: Critical

ID: 72554

File Name: suse_11_firefox-201402-140207.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2/18/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:MozillaFirefox, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-branding-SLED, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations, p-cpe:/a:novell:suse_linux:11:libfreebl3, p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit, p-cpe:/a:novell:suse_linux:11:libsoftokn3, p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss, p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/7/2014

Reference Information

CVE: CVE-2014-1477, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1484, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491