Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2016.3210.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2016:3210-1)
Resumen:The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2016:3210-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2016:3210-1 advisory.

Vulnerability Insight:
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:
* MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
* MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized
before execution
* MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating
DOM subtrees
* MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events
and audio elements
* MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
* MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
* MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
* MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded
by SVG images through data URLs
* MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
Firefox ESR 45.6
* MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the
origin of events Please see [link moved to references]
for more information.
Also the following bug was fixed:
- Fix fontconfig issue (bsc#1000751) on 32bit systems as well.

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE OpenStack Cloud 5, SUSE Manager Proxy 2.1, SUSE Manager 2.1, SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9893
BugTraq ID: 94885
http://www.securityfocus.com/bid/94885
Debian Security Information: DSA-3757 (Google Search)
https://www.debian.org/security/2017/dsa-3757
https://security.gentoo.org/glsa/201701-15
RedHat Security Advisories: RHSA-2016:2946
http://rhn.redhat.com/errata/RHSA-2016-2946.html
RedHat Security Advisories: RHSA-2016:2973
http://rhn.redhat.com/errata/RHSA-2016-2973.html
http://www.securitytracker.com/id/1037461
Common Vulnerability Exposure (CVE) ID: CVE-2016-9895
Common Vulnerability Exposure (CVE) ID: CVE-2016-9897
Common Vulnerability Exposure (CVE) ID: CVE-2016-9898
Common Vulnerability Exposure (CVE) ID: CVE-2016-9899
https://www.exploit-db.com/exploits/41042/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9900
Common Vulnerability Exposure (CVE) ID: CVE-2016-9901
Common Vulnerability Exposure (CVE) ID: CVE-2016-9902
Common Vulnerability Exposure (CVE) ID: CVE-2016-9904
Common Vulnerability Exposure (CVE) ID: CVE-2016-9905
BugTraq ID: 94884
http://www.securityfocus.com/bid/94884
http://www.securitytracker.com/id/1037462
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.