openSUSE Security Update : MozillaFirefox (openSUSE-2015-942)

critical Nessus Plugin ID 87620

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for MozillaFirefox fixes the following security issues :

- MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards

- MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects

- MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation

- MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies

- MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed

- MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures

- MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events

- MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed

- MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2

- MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library

- MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection

- MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection

- MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions

- MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright

- MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs

- MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs

Solution

Update the affected MozillaFirefox packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=959277

Plugin Details

Severity: Critical

ID: 87620

File Name: openSUSE-2015-942.nasl

Version: 2.8

Type: local

Agent: unix

Published: 12/29/2015

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, cpe:/o:novell:opensuse:13.2, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/23/2015

Reference Information

CVE: CVE-2015-7201, CVE-2015-7202, CVE-2015-7203, CVE-2015-7204, CVE-2015-7205, CVE-2015-7207, CVE-2015-7208, CVE-2015-7210, CVE-2015-7211, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7215, CVE-2015-7216, CVE-2015-7217, CVE-2015-7218, CVE-2015-7219, CVE-2015-7220, CVE-2015-7221, CVE-2015-7222, CVE-2015-7223