Detections
Analytics

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-185)

high Nessus Plugin ID 81589

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

MozillaFirefox, mozilla-nss were updated to fix 18 security issues.

MozillaFirefox was updated to version 36.0. These security issues were fixed :

 - CVE-2015-0835, CVE-2015-0836: Miscellaneous memory safety hazards

 - CVE-2015-0832: Appended period to hostnames can bypass HPKP and HSTS protections

 - CVE-2015-0830: Malicious WebGL content crash when writing strings

 - CVE-2015-0834: TLS TURN and STUN connections silently fail to simple TCP connections

 - CVE-2015-0831: Use-after-free in IndexedDB

 - CVE-2015-0829: Buffer overflow in libstagefright during MP4 video playback

 - CVE-2015-0828: Double-free when using non-default memory allocators with a zero-length XHR

 - CVE-2015-0827: Out-of-bounds read and write while rendering SVG content

 - CVE-2015-0826: Buffer overflow during CSS restyling

 - CVE-2015-0825: Buffer underflow during MP3 playback

 - CVE-2015-0824: Crash using DrawTarget in Cairo graphics library

 - CVE-2015-0823: Use-after-free in Developer Console date with OpenType Sanitiser

 - CVE-2015-0822: Reading of local files through manipulation of form autocomplete

 - CVE-2015-0821: Local files or privileged URLs in pages can be opened into new tabs

 - CVE-2015-0819: UI Tour whitelisted sites in background tab can spoof foreground tabs

 - CVE-2015-0820: Caja Compiler JavaScript sandbox bypass

mozilla-nss was updated to version 3.17.4 to fix the following issues :

 - CVE-2014-1569: QuickDER decoder length issue (bnc#910647).

 - bmo#1084986: If an SSL/TLS connection fails, because client and server don't have any common protocol version enabled, NSS has been changed to report error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting SSL_ERROR_NO_CYPHER_OVERLAP).

 - bmo#1112461: libpkix was fixed to prefer the newest certificate, if multiple certificates match.

 - bmo#1094492: fixed a memory corruption issue during failure of keypair generation.

 - bmo#1113632: fixed a failure to reload a PKCS#11 module in FIPS mode.

 - bmo#1119983: fixed interoperability of NSS server code with a LibreSSL client.

Solution

Update the affected MozillaFirefox / mozilla-nss packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=910647

https://bugzilla.opensuse.org/show_bug.cgi?id=917597

Plugin Details

Severity: High

ID: 81589

File Name: openSUSE-2015-185.nasl

Version: 1.8

Type: local

Agent: unix

Published: 3/2/2015

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, cpe:/o:novell:opensuse:13.2, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:mozilla-nss-32bit

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/26/2015

Reference Information

CVE: CVE-2014-1569, CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0828, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836