Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:4235-1)
Summary:The remote host is missing an update for the 'MozillaFirefox, mozilla-nspr and mozilla-nss' package(s) announced via the SUSE-SU-2018:4235-1 advisory.
The remote host is missing an update for the 'MozillaFirefox, mozilla-nspr and mozilla-nss' package(s) announced via the SUSE-SU-2018:4235-1 advisory.

Vulnerability Insight:
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:
Update to Firefox ESR 60.4 (bsc#1119105)

CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE
library with TextureStorage11

CVE-2018-18492: Fixed a use-after-free with select element

CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with

CVE-2018-18494: Fixed a Same-origin policy violation using location
attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes
for images

CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:
Update to NSS 3.40.1 (bsc#1119105)

CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher
attack (bsc#1119069)

CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an
SSLv2-compatible ClientHello with a ServerHello that had an all-zero
random. (bsc#1106873)

CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA
signatures (bsc#1097410)

Fixed a decryption failure during FFDHE key exchange

Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:
Update mozilla-nspr to 4.20 (bsc#1119105)

Affected Software/OS:
'MozillaFirefox, mozilla-nspr and mozilla-nss' package(s) on SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Desktop Applications 15, SUSE Linux Enterprise Module for Basesystem 15

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-0495
Debian Security Information: DSA-4231 (Google Search);a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
RedHat Security Advisories: RHSA-2018:3221
RedHat Security Advisories: RHSA-2018:3505
RedHat Security Advisories: RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
RedHat Security Advisories: RHSA-2019:2237
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.