Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2013.1325.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2013:1325-1)
Summary:The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2013:1325-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2013:1325-1 advisory.

Vulnerability Insight:
This update to Firefox 17.0.8esr (bnc#833389) addresses:

* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331,
bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530,
bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139,
bmo#888107, bmo#880734)

Miscellaneous memory safety hazards have been fixed
(rv:23.0 / rv:17.0.8):

* MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314,
bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
* MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
* MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system

Affected Software/OS:
'Mozilla Firefox' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Desktop 11 SP2

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1701
BugTraq ID: 61874
http://www.securityfocus.com/bid/61874
Debian Security Information: DSA-2735 (Google Search)
http://www.debian.org/security/2013/dsa-2735
Debian Security Information: DSA-2746 (Google Search)
http://www.debian.org/security/2013/dsa-2746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514
Common Vulnerability Exposure (CVE) ID: CVE-2013-1702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18876
Common Vulnerability Exposure (CVE) ID: CVE-2013-1706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18930
Common Vulnerability Exposure (CVE) ID: CVE-2013-1707
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18871
Common Vulnerability Exposure (CVE) ID: CVE-2013-1709
BugTraq ID: 61867
http://www.securityfocus.com/bid/61867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531
Common Vulnerability Exposure (CVE) ID: CVE-2013-1710
BugTraq ID: 61900
http://www.securityfocus.com/bid/61900
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773
Common Vulnerability Exposure (CVE) ID: CVE-2013-1712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18014
Common Vulnerability Exposure (CVE) ID: CVE-2013-1713
BugTraq ID: 61876
http://www.securityfocus.com/bid/61876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884
Common Vulnerability Exposure (CVE) ID: CVE-2013-1714
BugTraq ID: 61882
http://www.securityfocus.com/bid/61882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002
Common Vulnerability Exposure (CVE) ID: CVE-2013-1717
BugTraq ID: 61896
http://www.securityfocus.com/bid/61896
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.