Test ID:	1.3.6.1.4.1.25623.1.0.856173
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:1770-1)
Summary:	The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2024:1770-1 advisory.
Description:	Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2024:1770-1 advisory. Vulnerability Insight: This update for MozillaFirefox fixes the following issues: Update to version 115.11.0 ESR (bsc#1224056): - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking - CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types - CVE-2024-4770: Use-after-free could occur when printing to PDF - CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 Affected Software/OS: 'MozillaFirefox' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-2609 https://bugzilla.mozilla.org/show_bug.cgi?id=1866100 https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html https://www.mozilla.org/security/advisories/mfsa2024-12/ https://www.mozilla.org/security/advisories/mfsa2024-19/ https://www.mozilla.org/security/advisories/mfsa2024-20/ https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2024-3302 VU#421644 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks https://kb.cert.org/vuls/id/421644 https://bugzilla.mozilla.org/show_bug.cgi?id=1881183 https://www.mozilla.org/security/advisories/mfsa2024-18/ Common Vulnerability Exposure (CVE) ID: CVE-2024-3852 https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 Common Vulnerability Exposure (CVE) ID: CVE-2024-3854 https://bugzilla.mozilla.org/show_bug.cgi?id=1884552 Common Vulnerability Exposure (CVE) ID: CVE-2024-3857 https://bugzilla.mozilla.org/show_bug.cgi?id=1886683 Common Vulnerability Exposure (CVE) ID: CVE-2024-3859 https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 Common Vulnerability Exposure (CVE) ID: CVE-2024-3861 https://bugzilla.mozilla.org/show_bug.cgi?id=1883158 Common Vulnerability Exposure (CVE) ID: CVE-2024-3863 https://bugzilla.mozilla.org/show_bug.cgi?id=1885855 Common Vulnerability Exposure (CVE) ID: CVE-2024-3864 Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 Common Vulnerability Exposure (CVE) ID: CVE-2024-4367 https://bugzilla.mozilla.org/show_bug.cgi?id=1893645 https://www.mozilla.org/security/advisories/mfsa2024-21/ https://www.mozilla.org/security/advisories/mfsa2024-22/ https://www.mozilla.org/security/advisories/mfsa2024-23/ https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2024-4767 https://bugzilla.mozilla.org/show_bug.cgi?id=1878577 Common Vulnerability Exposure (CVE) ID: CVE-2024-4768 https://bugzilla.mozilla.org/show_bug.cgi?id=1886082 Common Vulnerability Exposure (CVE) ID: CVE-2024-4769 https://bugzilla.mozilla.org/show_bug.cgi?id=1886108 Common Vulnerability Exposure (CVE) ID: CVE-2024-4770 https://bugzilla.mozilla.org/show_bug.cgi?id=1893270 Common Vulnerability Exposure (CVE) ID: CVE-2024-4777 Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.