
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:0306-1)
Summary: The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2013:0306-1 advisory.

Vulnerability Insight:
Mozilla Firefox is updated to the 10.0.12ESR version.

This is a roll-up update for LTSS.

It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically:


MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17.

Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749)

Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770)


MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional use-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release.

The following issue has been fixed in Firefox 18:

o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760)

The following issues have been fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12:

o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762)
o Heap-use-after-free in ~ (CVE-2013-0766)
o Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0763)
o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771)

The following issue has been fixed in Firefox 18 and in the earlier ESR 10.0.11 release:

o Heap-buffer-overflow in nsWindow::OnExposeEvent

MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768)

Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release.


MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the iden... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Mozilla Firefox' package(s) on SUSE Linux Enterprise Server 10 SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5829
BugTraq ID: 56636
Debian Security Information: DSA-2583
Debian Security Information: DSA-2584
Debian Security Information: DSA-2588
RedHat Security Advisories: RHSA-2012:1482
RedHat Security Advisories: RHSA-2012:1483
SuSE Security Announcement: SUSE-SU-2012:1592
SuSE Security Announcement: SUSE-SU-2013:0048
SuSE Security Announcement: SUSE-SU-2013:0049
SuSE Security Announcement: openSUSE-SU-2012:1583
SuSE Security Announcement: openSUSE-SU-2012:1585
SuSE Security Announcement: openSUSE-SU-2012:1586
SuSE Security Announcement: openSUSE-SU-2013:0131
SuSE Security Announcement: openSUSE-SU-2013:0149
SuSE Security Announcement: openSUSE-SU-2013:0175
XForce ISS Database: firefox-onexposeevent-bo(80195)
Common Vulnerability Exposure (CVE) ID: CVE-2013-0743
BugTraq ID: 57258
Common Vulnerability Exposure (CVE) ID: CVE-2013-0744
RedHat Security Advisories: RHSA-2013:0144
RedHat Security Advisories: RHSA-2013:0145
Common Vulnerability Exposure (CVE) ID: CVE-2013-0745
Common Vulnerability Exposure (CVE) ID: CVE-2013-0746
Common Vulnerability Exposure (CVE) ID: CVE-2013-0747
Common Vulnerability Exposure (CVE) ID: CVE-2013-0748
Common Vulnerability Exposure (CVE) ID: CVE-2013-0749
Common Vulnerability Exposure (CVE) ID: CVE-2013-0750
Common Vulnerability Exposure (CVE) ID: CVE-2013-0751
Common Vulnerability Exposure (CVE) ID: CVE-2013-0752
Common Vulnerability Exposure (CVE) ID: CVE-2013-0753
Common Vulnerability Exposure (CVE) ID: CVE-2013-0754
Common Vulnerability Exposure (CVE) ID: CVE-2013-0755
Common Vulnerability Exposure (CVE) ID: CVE-2013-0756
Common Vulnerability Exposure (CVE) ID: CVE-2013-0757
Common Vulnerability Exposure (CVE) ID: CVE-2013-0758
Common Vulnerability Exposure (CVE) ID: CVE-2013-0759
Common Vulnerability Exposure (CVE) ID: CVE-2013-0760
Common Vulnerability Exposure (CVE) ID: CVE-2013-0762
BugTraq ID: 57193
Common Vulnerability Exposure (CVE) ID: CVE-2013-0763
Common Vulnerability Exposure (CVE) ID: CVE-2013-0764
Common Vulnerability Exposure (CVE) ID: CVE-2013-0766
BugTraq ID: 57194
Common Vulnerability Exposure (CVE) ID: CVE-2013-0768
Common Vulnerability Exposure (CVE) ID: CVE-2013-0769
Common Vulnerability Exposure (CVE) ID: CVE-2013-0770
Common Vulnerability Exposure (CVE) ID: CVE-2013-0771
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.