The remote SUSE host is missing one or more security updates.
MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss were updated to fix nine security issues. Mozilla Firefox was updated to version 45.3.0 ESR. mozilla-nss was updated to version 3.21.1, mozilla-nspr to version 4.12. These security issues were fixed in 45.3.0ESR : - CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (MFSA 2016-62) - CVE-2016-2830: Favicon network connection can persist when page is closed (MFSA 2016-63) - CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64) - CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (MFSA 2016-65) - CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA 2016-67) - CVE-2016-5254: Use-after-free when using alt key and toplevel menus (MFSA 2016-70) - CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72) - CVE-2016-5259: Use-after-free in service workers with nested sync events (MFSA 2016-73) - CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76) - CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) - CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78) - CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79) - CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80) - CVE-2016-6354: Fix for possible buffer overrun (bsc#990856) Security issues fixed in 45.2.0.ESR : - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch slessp2-MozillaFirefox-12690=1 SUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch dbgsp2-MozillaFirefox-12690=1 To bring your system up-to-date, use 'zypper patch'.