
Test ID: 1.3.6.1.4.1.25623.1.1.4.2015.1528.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2015:1528-1)
Summary: The remote host is missing an update for the 'MozillaFirefox, mozilla-nss' package(s) announced via the SUSE-SU-2015:1528-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'MozillaFirefox, mozilla-nss' package(s) announced via the SUSE-SU-2015:1528-1 advisory.

Vulnerability Insight:
Mozilla Firefox is being updated to the current Firefox 38ESR branch
(specifically the 38.2.0ESR release).
Security issues fixed:
- MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file
stealing via PDF reader
- MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety
hazards (rv:40.0 / rv:38.2)
- MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
- MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable
JavaScript object properties
- MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
- MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in
JavaScript
- MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling
bitmap images
- MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx
when decoding WebM video
- MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:
Vulnerabilities found through code inspection
- MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with
shared workers

This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR.
Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses.

Affected Software/OS:
'MozillaFirefox, mozilla-nss' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP3, SUSE Linux Enterprise Server for VMWare 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-4473
Debian Security Information: DSA-3333
http://www.debian.org/security/2015/dsa-3333
Debian Security Information: DSA-3410
http://www.debian.org/security/2015/dsa-3410
https://security.gentoo.org/glsa/201605-06
RedHat Security Advisories: RHSA-2015:1586
http://rhn.redhat.com/errata/RHSA-2015-1586.html
RedHat Security Advisories: RHSA-2015:1682
http://rhn.redhat.com/errata/RHSA-2015-1682.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
SuSE Security Announcement: SUSE-SU-2015:1449
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
SuSE Security Announcement: SUSE-SU-2015:1528
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
SuSE Security Announcement: SUSE-SU-2015:2081
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
SuSE Security Announcement: openSUSE-SU-2015:1389
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
SuSE Security Announcement: openSUSE-SU-2015:1390
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:1453
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
SuSE Security Announcement: openSUSE-SU-2015:1454
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
http://www.ubuntu.com/usn/USN-2712-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4474
Common Vulnerability Exposure (CVE) ID: CVE-2015-4475
BugTraq ID: 76294
http://www.securityfocus.com/bid/76294
Common Vulnerability Exposure (CVE) ID: CVE-2015-4478
Common Vulnerability Exposure (CVE) ID: CVE-2015-4479
http://www.zerodayinitiative.com/advisories/ZDI-15-456
Common Vulnerability Exposure (CVE) ID: CVE-2015-4484
Common Vulnerability Exposure (CVE) ID: CVE-2015-4485
Common Vulnerability Exposure (CVE) ID: CVE-2015-4486
Common Vulnerability Exposure (CVE) ID: CVE-2015-4487
Common Vulnerability Exposure (CVE) ID: CVE-2015-4488
Common Vulnerability Exposure (CVE) ID: CVE-2015-4489
Common Vulnerability Exposure (CVE) ID: CVE-2015-4491
Debian Security Information: DSA-3337
http://www.debian.org/security/2015/dsa-3337
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165703.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165732.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165730.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html
https://security.gentoo.org/glsa/201512-05
RedHat Security Advisories: RHSA-2015:1694
http://rhn.redhat.com/errata/RHSA-2015-1694.html
SuSE Security Announcement: openSUSE-SU-2015:1500
http://lists.opensuse.org/opensuse-updates/2015-09/msg00002.html
http://www.ubuntu.com/usn/USN-2722-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-4492
BugTraq ID: 76297
http://www.securityfocus.com/bid/76297
Common Vulnerability Exposure (CVE) ID: CVE-2015-4495
BugTraq ID: 76249
http://www.securityfocus.com/bid/76249
https://www.exploit-db.com/exploits/37772/
https://security.gentoo.org/glsa/201512-10
RedHat Security Advisories: RHSA-2015:1581
http://rhn.redhat.com/errata/RHSA-2015-1581.html
http://www.securitytracker.com/id/1033216
SuSE Security Announcement: SUSE-SU-2015:1379
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
SuSE Security Announcement: SUSE-SU-2015:1380
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
http://www.ubuntu.com/usn/USN-2707-1
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
