Test ID: | 1.3.6.1.4.1.25623.1.0.851568 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:1620-1) |
Summary: | The remote host is missing an update for the 'Mozilla' package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'Mozilla' package(s) announced via the referenced advisory.

Vulnerability Insight: This update for Mozilla Firefox, Thunderbird, and NSS fixes the following issues:

Mozilla Firefox was updated to 52.2esr (boo#1043960)

MFSA 2017-16:
* CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading
* CVE-2017-7750 (bmo#1356558) Use-after-free with track elements
* CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners
* CVE-2017-7752 (bmo#1359547) Use-after-free with IME input
* CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only)
* CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library
* CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder
* CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only)
* CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application (Windows only)
* CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian Syllabics and other unicode blocks
* CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files (Windows only)
* CVE-2017-7766 (bmo#1342742) File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service (Windows only)
* CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service (Windows only)
* CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service (Windows only)
* CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
- remove -fno-inline-small-functions and explicitly optimize with -O2 for openSUSE 13.2/Leap 42 to work with gcc7 (boo#1040105)

Mozilla NSS was updated to NSS 3.28.5
* Implemented domain name constraints for CA: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1. (bmo#1350859)
* March 2017 batch of root CA changes (bmo#1350859) (version 2.14)
CA certificates removed: O = Japanese Government, OU = ApplicationCA CN ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: Mozilla on openSUSE Leap 42.2

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-5470
  BugTraq ID: 99041
  http://www.securityfocus.com/bid/99041
  Debian Security Information: DSA-3881
  https://www.debian.org/security/2017/dsa-3881
  Debian Security Information: DSA-3918
  https://www.debian.org/security/2017/dsa-3918
  RedHat Security Advisories: RHSA-2017:1440
  https://access.redhat.com/errata/RHSA-2017:1440
  RedHat Security Advisories: RHSA-2017:1561
  https://access.redhat.com/errata/RHSA-2017:1561
  http://www.securitytracker.com/id/1038689
Common Vulnerability Exposure (CVE) ID: CVE-2017-5472
  BugTraq ID: 99040
  http://www.securityfocus.com/bid/99040
Common Vulnerability Exposure (CVE) ID: CVE-2017-7749
  BugTraq ID: 99057
  http://www.securityfocus.com/bid/99057
Common Vulnerability Exposure (CVE) ID: CVE-2017-7750
Common Vulnerability Exposure (CVE) ID: CVE-2017-7751
Common Vulnerability Exposure (CVE) ID: CVE-2017-7752
Common Vulnerability Exposure (CVE) ID: CVE-2017-7754
Common Vulnerability Exposure (CVE) ID: CVE-2017-7755
Common Vulnerability Exposure (CVE) ID: CVE-2017-7756
Common Vulnerability Exposure (CVE) ID: CVE-2017-7757
Common Vulnerability Exposure (CVE) ID: CVE-2017-7758
Common Vulnerability Exposure (CVE) ID: CVE-2017-7760
Common Vulnerability Exposure (CVE) ID: CVE-2017-7761
  https://sourceforge.net/p/nsis/bugs/1125/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7764
  http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts
Common Vulnerability Exposure (CVE) ID: CVE-2017-7765
Common Vulnerability Exposure (CVE) ID: CVE-2017-7766
Common Vulnerability Exposure (CVE) ID: CVE-2017-7767
Common Vulnerability Exposure (CVE) ID: CVE-2017-7768
Common Vulnerability Exposure (CVE) ID: CVE-2017-7771
Common Vulnerability Exposure (CVE) ID: CVE-2017-7772
Common Vulnerability Exposure (CVE) ID: CVE-2017-7773
Common Vulnerability Exposure (CVE) ID: CVE-2017-7774
Common Vulnerability Exposure (CVE) ID: CVE-2017-7775
Common Vulnerability Exposure (CVE) ID: CVE-2017-7776
Common Vulnerability Exposure (CVE) ID: CVE-2017-7777
Common Vulnerability Exposure (CVE) ID: CVE-2017-7778
  Debian Security Information: DSA-3894
  https://www.debian.org/security/2017/dsa-3894
  https://security.gentoo.org/glsa/201710-13
  RedHat Security Advisories: RHSA-2017:1793
  https://access.redhat.com/errata/RHSA-2017:1793 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |