VPR Score: 5.9
Synopsis
The remote openSUSE host is missing a security update.
Description
MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security issues found during Pwn2Own:
- MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation
Also fixed were the following bugs:
- Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g. xdg-app) as well as AppStream metadata extraction, there are a couple of locations that need to be real files for system integration (.desktop files, icons, mime-type info).
- Update to Firefox 36.0.1. Bugfixes:
  - Disable the usage of the ANY DNS query type (bmo#1093983)
  - Hello may become inactive until restart (bmo#1137469)
  - Print preferences may not be preserved (bmo#1136855)
  - Hello contact tabs may not be visible (bmo#1137141)
  - Accept hostnames that include an underscore character ('_') (bmo#1136616)
  - WebGL may use significant memory with Canvas2d (bmo#1137251)
  - Option -remote has been restored (bmo#1080319)
Solution
Update the affected MozillaFirefox packages.