SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7464)

high Nessus Plugin ID 65596

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

Mozilla Firefox has been updated to the 17.0.4ESR release which fixes one important security issue :

- VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring.
This could allow for arbitrary code execution. (MFSA 2013-29 / CVE-2013-0787)

Solution

Apply SAT patch number 7464.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

https://bugzilla.novell.com/show_bug.cgi?id=808243

http://support.novell.com/security/cve/CVE-2013-0787.html

Plugin Details

Severity: High

ID: 65596

File Name: suse_11_firefox-201303-130311.nasl

Version: 1.10

Type: local

Agent: unix

Published: 3/17/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:mozillafirefox

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/11/2013

Reference Information

CVE: CVE-2013-0787