openSUSE Security Update : MozillaFirefox (openSUSE-2015-619)

High Nessus Plugin ID 86238

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote openSUSE host is missing a security update.

Description

MozillaFirefox was updated to Firefox 41.0 (bnc#947003)

Security issues fixed :

- MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards

- MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers

- MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes

- MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme

- MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater

- MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video

- MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript

- MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode

- MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB

- MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video

- MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content

- MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

- MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window

- MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed

- MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects

- MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers

- MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection

- MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library

- MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API

Solution

Update the affected MozillaFirefox packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=947003

Plugin Details

Severity: High

ID: 86238

File Name: openSUSE-2015-619.nasl

Version: 2.5

Type: local

Agent: unix

Published: 2015/10/02

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/09/23

Reference Information

CVE: CVE-2015-4476, CVE-2015-4500, CVE-2015-4501, CVE-2015-4502, CVE-2015-4503, CVE-2015-4504, CVE-2015-4505, CVE-2015-4506, CVE-2015-4507, CVE-2015-4508, CVE-2015-4509, CVE-2015-4510, CVE-2015-4511, CVE-2015-4512, CVE-2015-4516, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7178, CVE-2015-7179, CVE-2015-7180