openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290)

high Nessus Plugin ID 82651

Synopsis

The remote openSUSE host is missing a security update.

Description

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities.

Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency.

The following vulnerabilities were fixed in Mozilla Firefox :

- Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392)

- Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393)

- Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32/CVE-2015-0812 bmo#1128126 boo#925394)

- resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395)

- Out of bounds read in QCMS library (MFSA-2015-34/CVE-2015-0811 bmo#1132468 boo#925396)

- Incorrect memory management for simple-type arrays in WebRTC (MFSA-2015-36/CVE-2015-0808 bmo#1109552 boo#925397)

- CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398)

- Memory corruption crashes in Off Main Thread Compositing (MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 bmo#1135511 bmo#1099437 boo#925399)

- Use-after-free due to type confusion flaws (MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 bmo#1134560 boo#925400)

- Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401)

- Windows can retain access to privileged content on navigation to unprivileged pages (MFSA-2015-42/CVE-2015-0802 bmo#1124898 boo#925402)

The following vulnerability was fixed in functionality that was not released as an update to openSUSE :

- Certificate verification could be bypassed through the HTTP/2 Alt-Svc header (MFSA 2015-44/CVE-2015-0799 bmo#1148328 bnc#926166)

The functionality added in 37.0 and thus removed in 37.0.1 was :

- Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc

The following functionality was added or updated in Mozilla Firefox :

- Heartbeat user rating system

- Yandex set as default search provider for the Turkish locale

- Bing search now uses HTTPS for secure searching

- Improved protection against site impersonation via OneCRL centralized certificate revocation

- Some more behaviour changes for TLS

The following vulnerabilities were fixed in Mozilla Thunderbird :

- Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 boo#925392)

- Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813 bmo#1106596 boo#925393)

- resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816 bmo#1144991 boo#925395)

- CORS requests should not follow 30x redirections after preflight (MFSA-2015-37/CVE-2015-0807 bmo#1111834 boo#925398)

- Same-origin bypass through anchor navigation (MFSA-2015-40/CVE-2015-0801 bmo#1146339 boo#925401)

mozilla-nspr was updated to 4.10.8 as a dependency and received the following changes :

- bmo#573192: remove the stack-based PRFileDesc cache.

- bmo#756047: check for _POSIX_THREAD_PRIORITY_SCHEDULING > 0 instead of only checking if the identifier is defined.

- bmo#1089908: Fix variable shadowing in _PR_MD_LOCKFILE. Use PR_ARRAY_SIZE to get the array size of _PR_RUNQ(t->cpu).

- bmo#1106600: Replace PR_ASSERT(!'foo') with PR_NOT_REACHED('foo') to fix clang -Wstring-conversion warnings.

Solution

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nspr packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=925368

https://bugzilla.opensuse.org/show_bug.cgi?id=925392

https://bugzilla.opensuse.org/show_bug.cgi?id=925393

https://bugzilla.opensuse.org/show_bug.cgi?id=925394

https://bugzilla.opensuse.org/show_bug.cgi?id=925395

https://bugzilla.opensuse.org/show_bug.cgi?id=925396

https://bugzilla.opensuse.org/show_bug.cgi?id=925397

https://bugzilla.opensuse.org/show_bug.cgi?id=925398

https://bugzilla.opensuse.org/show_bug.cgi?id=925399

https://bugzilla.opensuse.org/show_bug.cgi?id=925400

https://bugzilla.opensuse.org/show_bug.cgi?id=925401

https://bugzilla.opensuse.org/show_bug.cgi?id=925402

https://bugzilla.opensuse.org/show_bug.cgi?id=926166

Plugin Details

Severity: High

ID: 82651

File Name: openSUSE-2015-290.nasl

Version: 1.8

Type: local

Agent: unix

Published: 4/9/2015

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:mozilla-nspr, p-cpe:/a:novell:opensuse:mozilla-nspr-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource, p-cpe:/a:novell:opensuse:mozilla-nspr-devel, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/7/2015

Exploitable With

Metasploit (Firefox PDF.js Privileged Javascript Injection)

Reference Information

CVE: CVE-2015-0799, CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816