Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.851229
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory for MozillaFirefox, (SUSE-SU-2016:0727-1)
Zusammenfassung:The remote host is missing an update for the 'MozillaFirefox.'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'MozillaFirefox.'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the
following issues:

Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following
security issues:

* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety
hazards (rv:45.0 / rv:38.7)

* MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential
privilege escalation through CSP reports

* MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting
an array during MP4 processing

* MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden

* MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser

* MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody

* MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC
data channels

* MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations

* MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation
and Location protocol property

* MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin

* MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a
failed allocation

* MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS

* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the
Graphite 2 library

Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following
bugs:

* added a PR_GetEnvSecure function, which attempts to detect if the
program is being executed with elevated privileges, and returns NULL if
detected. It is recommended to use this function in general purpose
library code.

* fixed a memory allocation bug related to the PR_*printf functions

* exported API PR_DuplicateEnvironment, which had already been added in
NSPR 4.10.9

* added support for FreeBSD aarch64

* several minor correctness and compatibility fixes

Mozilla NSS was updated to fix security issues (bsc#969894):

* MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections
in low memory

* MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS

* MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER
encoded keys in NSS

Affected Software/OS:
MozillaFirefox, on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1950
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
BugTraq ID: 84223
http://www.securityfocus.com/bid/84223
Debian Security Information: DSA-3510 (Google Search)
http://www.debian.org/security/2016/dsa-3510
Debian Security Information: DSA-3520 (Google Search)
http://www.debian.org/security/2016/dsa-3520
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201605-06
RedHat Security Advisories: RHSA-2016:0495
http://rhn.redhat.com/errata/RHSA-2016-0495.html
http://www.securitytracker.com/id/1035215
SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
http://www.ubuntu.com/usn/USN-2924-1
http://www.ubuntu.com/usn/USN-2934-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1952
SuSE Security Announcement: openSUSE-SU-2016:0876 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
SuSE Security Announcement: openSUSE-SU-2016:0894 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
SuSE Security Announcement: openSUSE-SU-2016:1767 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:1769 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:1778 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1953
Common Vulnerability Exposure (CVE) ID: CVE-2016-1954
Common Vulnerability Exposure (CVE) ID: CVE-2016-1957
Common Vulnerability Exposure (CVE) ID: CVE-2016-1958
Common Vulnerability Exposure (CVE) ID: CVE-2016-1960
https://www.exploit-db.com/exploits/42484/
https://www.exploit-db.com/exploits/44294/
http://zerodayinitiative.com/advisories/ZDI-16-198/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1961
http://zerodayinitiative.com/advisories/ZDI-16-199/
Common Vulnerability Exposure (CVE) ID: CVE-2016-1962
Common Vulnerability Exposure (CVE) ID: CVE-2016-1964
Common Vulnerability Exposure (CVE) ID: CVE-2016-1965
Common Vulnerability Exposure (CVE) ID: CVE-2016-1966
Common Vulnerability Exposure (CVE) ID: CVE-2016-1974
Common Vulnerability Exposure (CVE) ID: CVE-2016-1977
BugTraq ID: 84222
http://www.securityfocus.com/bid/84222
Debian Security Information: DSA-3515 (Google Search)
http://www.debian.org/security/2016/dsa-3515
https://security.gentoo.org/glsa/201701-63
http://www.ubuntu.com/usn/USN-2927-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1978
BugTraq ID: 84275
http://www.securityfocus.com/bid/84275
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
RedHat Security Advisories: RHSA-2016:0591
http://rhn.redhat.com/errata/RHSA-2016-0591.html
RedHat Security Advisories: RHSA-2016:0684
http://rhn.redhat.com/errata/RHSA-2016-0684.html
RedHat Security Advisories: RHSA-2016:0685
http://rhn.redhat.com/errata/RHSA-2016-0685.html
http://www.securitytracker.com/id/1035258
http://www.ubuntu.com/usn/USN-2973-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1979
BugTraq ID: 84221
http://www.securityfocus.com/bid/84221
Debian Security Information: DSA-3576 (Google Search)
http://www.debian.org/security/2016/dsa-3576
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes
Common Vulnerability Exposure (CVE) ID: CVE-2016-2790
Common Vulnerability Exposure (CVE) ID: CVE-2016-2791
Common Vulnerability Exposure (CVE) ID: CVE-2016-2792
Common Vulnerability Exposure (CVE) ID: CVE-2016-2793
Common Vulnerability Exposure (CVE) ID: CVE-2016-2794
Common Vulnerability Exposure (CVE) ID: CVE-2016-2795
Common Vulnerability Exposure (CVE) ID: CVE-2016-2796
Common Vulnerability Exposure (CVE) ID: CVE-2016-2797
Common Vulnerability Exposure (CVE) ID: CVE-2016-2798
Common Vulnerability Exposure (CVE) ID: CVE-2016-2799
Common Vulnerability Exposure (CVE) ID: CVE-2016-2800
Common Vulnerability Exposure (CVE) ID: CVE-2016-2801
Common Vulnerability Exposure (CVE) ID: CVE-2016-2802
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.