openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0946-1)

Critical Nessus Plugin ID 75009

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

MozillaFirefox was updated to Firefox 21.0 (bnc#819204)

- MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards

- MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor

- MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path

- MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event

- MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent

- MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer

Changes in MozillaFirefox-branding-openSUSE :

- modified file locations for Firefox 21 and above

- added DuckDuckGo as search option (bnc#801121)

Solution

Update the affected MozillaFirefox packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=801121

https://bugzilla.novell.com/show_bug.cgi?id=814101

https://bugzilla.novell.com/show_bug.cgi?id=819204

https://lists.opensuse.org/opensuse-updates/2013-05/msg00031.html

https://lists.opensuse.org/opensuse-updates/2013-06/msg00082.html

Plugin Details

Severity: Critical

ID: 75009

File Name: openSUSE-2013-438.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2021/01/19

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-openSUSE, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:mozilla-nspr, p-cpe:/a:novell:opensuse:mozilla-nspr-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource, p-cpe:/a:novell:opensuse:mozilla-nspr-devel, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/16

Reference Information

CVE: CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681

BID: 59855, 59858, 59859, 59860, 59861, 59862, 59863, 59864, 59865, 59868, 59869, 59870