Test ID: 1.3.6.1.4.1.25623.1.1.4.2013.0049.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:0049-1)
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2013:0049-1 advisory.
Description:

Vulnerability Insight:
Mozilla Firefox was updated to the 10.0.12ESR release.

* MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769)
o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749)
o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770)

* MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional use-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release.

The following issue was fixed in Firefox 18:

o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760)

The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12:

o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762)
o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766)
o Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0767)

The following issues were fixed in Firefox 18 and ESR 17.0.1:

o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack (CVE-2013-0761)
o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763)
o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771)

The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release:

o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829)

* MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768)

Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release.

* MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE Linux Enterprise Server 10 SP4, SUSE Linux Enterprise Desktop 10 SP4, SLE SDK 10 SP4

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-5829
BugTraq ID: 56636
http://www.securityfocus.com/bid/56636
Debian Security Information: DSA-2583
http://www.debian.org/security/2012/dsa-2583
Debian Security Information: DSA-2584
http://www.debian.org/security/2012/dsa-2584
Debian Security Information: DSA-2588
http://www.debian.org/security/2012/dsa-2588
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
http://osvdb.org/87608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16849
RedHat Security Advisories: RHSA-2012:1482
http://rhn.redhat.com/errata/RHSA-2012-1482.html
RedHat Security Advisories: RHSA-2012:1483
http://rhn.redhat.com/errata/RHSA-2012-1483.html
http://secunia.com/advisories/51359
http://secunia.com/advisories/51360
http://secunia.com/advisories/51369
http://secunia.com/advisories/51370
http://secunia.com/advisories/51381
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://secunia.com/advisories/51440
SuSE Security Announcement: SUSE-SU-2012:1592
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
SuSE Security Announcement: SUSE-SU-2013:0048
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2013:0049
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
SuSE Security Announcement: openSUSE-SU-2012:1583
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
SuSE Security Announcement: openSUSE-SU-2012:1585
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
SuSE Security Announcement: openSUSE-SU-2012:1586
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
SuSE Security Announcement: openSUSE-SU-2013:0131
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0149
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
SuSE Security Announcement: openSUSE-SU-2013:0175
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://www.ubuntu.com/usn/USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
http://www.ubuntu.com/usn/USN-1681-1
http://www.ubuntu.com/usn/USN-1681-2
http://www.ubuntu.com/usn/USN-1681-4
XForce ISS Database: firefox-onexposeevent-bo(80195)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80195
Common Vulnerability Exposure (CVE) ID: CVE-2013-0743
BugTraq ID: 57258
http://www.securityfocus.com/bid/57258
http://www.openwall.com/lists/oss-security/2013/02/15/6
http://www.ubuntu.com/usn/USN-1687-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007
RedHat Security Advisories: RHSA-2013:0144
http://rhn.redhat.com/errata/RHSA-2013-0144.html
RedHat Security Advisories: RHSA-2013:0145
http://rhn.redhat.com/errata/RHSA-2013-0145.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17061
Common Vulnerability Exposure (CVE) ID: CVE-2013-0746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16570
Common Vulnerability Exposure (CVE) ID: CVE-2013-0747
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16866
Common Vulnerability Exposure (CVE) ID: CVE-2013-0748
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17109
Common Vulnerability Exposure (CVE) ID: CVE-2013-0749
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953
Common Vulnerability Exposure (CVE) ID: CVE-2013-0750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16957
Common Vulnerability Exposure (CVE) ID: CVE-2013-0751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16616
Common Vulnerability Exposure (CVE) ID: CVE-2013-0752
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16694
Common Vulnerability Exposure (CVE) ID: CVE-2013-0753
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17053
Common Vulnerability Exposure (CVE) ID: CVE-2013-0754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16812
Common Vulnerability Exposure (CVE) ID: CVE-2013-0755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16952
Common Vulnerability Exposure (CVE) ID: CVE-2013-0756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17101
Common Vulnerability Exposure (CVE) ID: CVE-2013-0757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939
Common Vulnerability Exposure (CVE) ID: CVE-2013-0758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087
Common Vulnerability Exposure (CVE) ID: CVE-2013-0759
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16827
Common Vulnerability Exposure (CVE) ID: CVE-2013-0760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17086
Common Vulnerability Exposure (CVE) ID: CVE-2013-0761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16832
Common Vulnerability Exposure (CVE) ID: CVE-2013-0762
BugTraq ID: 57193
http://www.securityfocus.com/bid/57193
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16288
Common Vulnerability Exposure (CVE) ID: CVE-2013-0763
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17107
Common Vulnerability Exposure (CVE) ID: CVE-2013-0764
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16715
Common Vulnerability Exposure (CVE) ID: CVE-2013-0766
BugTraq ID: 57194
http://www.securityfocus.com/bid/57194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189
Common Vulnerability Exposure (CVE) ID: CVE-2013-0767
BugTraq ID: 57195
http://www.securityfocus.com/bid/57195
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16171
Common Vulnerability Exposure (CVE) ID: CVE-2013-0768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16990
Common Vulnerability Exposure (CVE) ID: CVE-2013-0769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16199
Common Vulnerability Exposure (CVE) ID: CVE-2013-0770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16813
Common Vulnerability Exposure (CVE) ID: CVE-2013-0771
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17019
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.