
Test ID: 1.3.6.1.4.1.25623.1.1.4.2017.2235.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2017:2235-1)
Summary: The remote host is missing an update for the 'MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss' package(s) announced via the SUSE-SU-2017:2235-1 advisory.
Description:

Vulnerability Insight:
This update for MozillaFirefox and mozilla-nss fixes the following issues:
Security issues fixed:
- Fixes in Firefox ESR 52.2 (bsc#1043960, MFSA 2017-16)
  - CVE-2017-7758: Out-of-bounds read in Opus encoder
  - CVE-2017-7749: Use-after-free during docshell reloading
  - CVE-2017-7751: Use-after-free with content viewer listeners
  - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
  - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
  - CVE-2017-7752: Use-after-free with IME input
  - CVE-2017-7750: Use-after-free with track elements
  - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
  - CVE-2017-7778: Vulnerabilities in the Graphite 2 library
  - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
  - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
  - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
  - CVE-2017-7757: Use-after-free in IndexedDB
  - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
  - CVE-2017-7763: Mac fonts render some unicode characters as spaces
  - CVE-2017-7765: Mark of the Web bypass when saving executable files
  - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
- update to Firefox ESR 52.1 (bsc#1035082, MFSA 2017-12)
  - CVE-2016-10196: Vulnerabilities in Libevent library
  - CVE-2017-5443: Out-of-bounds write during BinHex decoding
  - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
  - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
  - CVE-2017-5465: Out-of-bounds read in ConvolvePixel
  - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
  - CVE-2017-5467: Memory corruption when drawing Skia content
  - CVE-2017-5460: Use-after-free in frame selection
  - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
  - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
  - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
  - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  - CVE-2017-5447: Out-of-bounds read during glyph processing
  - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
  - CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
  - CVE-2017-5442: Use-after-free during style changes
  - CVE-2017-5469: Potential Buffer overflow in flex-generated code
  - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
  - CVE-2017-5441: Use-after-free with selection during scroll events
  - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
  - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-5276
http://www.securitytracker.com/id/1034375
SuSE Security Announcement: openSUSE-SU-2015:1946
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html
SuSE Security Announcement: openSUSE-SU-2016:1069
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5429
BugTraq ID: 97940
http://www.securityfocus.com/bid/97940
Debian Security Information: DSA-3831
https://www.debian.org/security/2017/dsa-3831
RedHat Security Advisories: RHSA-2017:1104
https://access.redhat.com/errata/RHSA-2017:1104
RedHat Security Advisories: RHSA-2017:1106
https://access.redhat.com/errata/RHSA-2017:1106
RedHat Security Advisories: RHSA-2017:1201
https://access.redhat.com/errata/RHSA-2017:1201
http://www.securitytracker.com/id/1038320
Common Vulnerability Exposure (CVE) ID: CVE-2017-5430
Common Vulnerability Exposure (CVE) ID: CVE-2017-5432
Common Vulnerability Exposure (CVE) ID: CVE-2017-5433
Common Vulnerability Exposure (CVE) ID: CVE-2017-5434
Common Vulnerability Exposure (CVE) ID: CVE-2017-5435
Common Vulnerability Exposure (CVE) ID: CVE-2017-5436
https://security.gentoo.org/glsa/201706-25
Common Vulnerability Exposure (CVE) ID: CVE-2017-5438
Common Vulnerability Exposure (CVE) ID: CVE-2017-5439
BugTraq ID: 103053
http://www.securityfocus.com/bid/103053
Common Vulnerability Exposure (CVE) ID: CVE-2017-5440
Common Vulnerability Exposure (CVE) ID: CVE-2017-5441
Common Vulnerability Exposure (CVE) ID: CVE-2017-5442
Common Vulnerability Exposure (CVE) ID: CVE-2017-5443
Common Vulnerability Exposure (CVE) ID: CVE-2017-5444
Common Vulnerability Exposure (CVE) ID: CVE-2017-5445
Common Vulnerability Exposure (CVE) ID: CVE-2017-5446
Common Vulnerability Exposure (CVE) ID: CVE-2017-5447
https://www.exploit-db.com/exploits/42071/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5448
Common Vulnerability Exposure (CVE) ID: CVE-2017-5449
Common Vulnerability Exposure (CVE) ID: CVE-2017-5451
Common Vulnerability Exposure (CVE) ID: CVE-2017-5454
Common Vulnerability Exposure (CVE) ID: CVE-2017-5455
Common Vulnerability Exposure (CVE) ID: CVE-2017-5456
Common Vulnerability Exposure (CVE) ID: CVE-2017-5459
Common Vulnerability Exposure (CVE) ID: CVE-2017-5460
Common Vulnerability Exposure (CVE) ID: CVE-2017-5461
BugTraq ID: 98050
http://www.securityfocus.com/bid/98050
http://www.debian.org/security/2017/dsa-3831
Debian Security Information: DSA-3872
http://www.debian.org/security/2017/dsa-3872
https://security.gentoo.org/glsa/201705-04
RedHat Security Advisories: RHSA-2017:1100
https://access.redhat.com/errata/RHSA-2017:1100
RedHat Security Advisories: RHSA-2017:1101
https://access.redhat.com/errata/RHSA-2017:1101
RedHat Security Advisories: RHSA-2017:1102
https://access.redhat.com/errata/RHSA-2017:1102
RedHat Security Advisories: RHSA-2017:1103
https://access.redhat.com/errata/RHSA-2017:1103
Common Vulnerability Exposure (CVE) ID: CVE-2017-5462
https://www.debian.org/security/2017/dsa-3872
Common Vulnerability Exposure (CVE) ID: CVE-2017-5464
Common Vulnerability Exposure (CVE) ID: CVE-2017-5465
https://www.exploit-db.com/exploits/42072/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5466
Common Vulnerability Exposure (CVE) ID: CVE-2017-5467
Common Vulnerability Exposure (CVE) ID: CVE-2017-5469
Common Vulnerability Exposure (CVE) ID: CVE-2017-5470
BugTraq ID: 99041
http://www.securityfocus.com/bid/99041
Debian Security Information: DSA-3881
https://www.debian.org/security/2017/dsa-3881
Debian Security Information: DSA-3918
https://www.debian.org/security/2017/dsa-3918
RedHat Security Advisories: RHSA-2017:1440
https://access.redhat.com/errata/RHSA-2017:1440
RedHat Security Advisories: RHSA-2017:1561
https://access.redhat.com/errata/RHSA-2017:1561
http://www.securitytracker.com/id/1038689
Common Vulnerability Exposure (CVE) ID: CVE-2017-5472
BugTraq ID: 99040
http://www.securityfocus.com/bid/99040
Common Vulnerability Exposure (CVE) ID: CVE-2017-7749
BugTraq ID: 99057
http://www.securityfocus.com/bid/99057
Common Vulnerability Exposure (CVE) ID: CVE-2017-7750
Common Vulnerability Exposure (CVE) ID: CVE-2017-7751
Common Vulnerability Exposure (CVE) ID: CVE-2017-7752
Common Vulnerability Exposure (CVE) ID: CVE-2017-7754
Common Vulnerability Exposure (CVE) ID: CVE-2017-7755
Common Vulnerability Exposure (CVE) ID: CVE-2017-7756
Common Vulnerability Exposure (CVE) ID: CVE-2017-7757
Common Vulnerability Exposure (CVE) ID: CVE-2017-7758
Common Vulnerability Exposure (CVE) ID: CVE-2017-7761
https://sourceforge.net/p/nsis/bugs/1125/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7763
Common Vulnerability Exposure (CVE) ID: CVE-2017-7764
http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts
Common Vulnerability Exposure (CVE) ID: CVE-2017-7765
Common Vulnerability Exposure (CVE) ID: CVE-2017-7768
Common Vulnerability Exposure (CVE) ID: CVE-2017-7778
Debian Security Information: DSA-3894
https://www.debian.org/security/2017/dsa-3894
https://security.gentoo.org/glsa/201710-13
RedHat Security Advisories: RHSA-2017:1793
https://access.redhat.com/errata/RHSA-2017:1793
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.