Test ID: 1.3.6.1.4.1.25623.1.1.4.2016.3210.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2016:3210-1)
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2016:3210-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2016:3210-1 advisory.

Vulnerability Insight:
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:
* MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
* MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
* MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
* MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
* MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
* MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
* MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
* MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
* MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
* MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events

Please see [link moved to references] for more information.
Also the following bug was fixed:
- Fix fontconfig issue (bsc#1000751) on 32bit systems as well.

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE OpenStack Cloud 5, SUSE Manager Proxy 2.1, SUSE Manager 2.1, SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2016-9893
BugTraq ID: 94885
http://www.securityfocus.com/bid/94885
Debian Security Information: DSA-3757
https://www.debian.org/security/2017/dsa-3757
https://security.gentoo.org/glsa/201701-15
RedHat Security Advisories: RHSA-2016:2946
http://rhn.redhat.com/errata/RHSA-2016-2946.html
RedHat Security Advisories: RHSA-2016:2973
http://rhn.redhat.com/errata/RHSA-2016-2973.html
http://www.securitytracker.com/id/1037461
Common Vulnerability Exposure (CVE) ID: CVE-2016-9895
Common Vulnerability Exposure (CVE) ID: CVE-2016-9897
Common Vulnerability Exposure (CVE) ID: CVE-2016-9898
Common Vulnerability Exposure (CVE) ID: CVE-2016-9899
https://www.exploit-db.com/exploits/41042/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9900
Common Vulnerability Exposure (CVE) ID: CVE-2016-9901
Common Vulnerability Exposure (CVE) ID: CVE-2016-9902
Common Vulnerability Exposure (CVE) ID: CVE-2016-9904
Common Vulnerability Exposure (CVE) ID: CVE-2016-9905
BugTraq ID: 94884
http://www.securityfocus.com/bid/94884
http://www.securitytracker.com/id/1037462
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.