Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for Mozilla Firefox |
Description: |
Mozilla Firefox has been updated to the 17.0.7 ESR version, which includes bug fixes and security fixes.
* MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
  o Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682)
* MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release.
  o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684)
  o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685)
  o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
* MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages.
* MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable.
* MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.
* MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.
* MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values.
Security Issue references:
* CVE-2013-1682
* CVE-2013-1684
* CVE-2013-1685
* CVE-2013-1686
* CVE-2013-1687
* CVE-2013-1690
* CVE-2013-1692
* CVE-2013-1693
* CVE-2013-1697
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1024218 1040039 1047184 1068565 1068664 1070603 1073933 1076118 1077445 1081685 1082063 1082210 1082216 1082233 1082234 1083417 1083420 1083422 1083424 1083426 1096718 1097108 1099306 1115034 1116574 1117951 1126140 1126141 1126192 1126195 1126196 1126198 1126201 1127400 1131291 1142772 1143797 1145692 1146874 1149813 1152497 1154448 1154456 1154458 1154461 1155945 1157888 1158003 1158004 1158005 1158006 1158007 1159208 1159623 1161181 825935 903204 903216 903638 905260 CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-0876 CVE-2012-3515 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-0718 CVE-2016-1549 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2183 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4472 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-5547 
CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-9063 CVE-2017-1000158 CVE-2017-18191 CVE-2017-3145 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-9233 CVE-2018-10853 CVE-2018-12015 CVE-2018-12207 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3646 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 CVE-2019-1010180 CVE-2019-11135 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211 SUSE-SU-2017:0460-1 SUSE-SU-2018:0303-1 SUSE-SU-2018:1448-1 SUSE-SU-2018:1765-1 SUSE-SU-2018:1972-1 SUSE-SU-2018:3933-1 SUSE-SU-2019:1124-1 SUSE-SU-2019:2783-1 SUSE-SU-2019:2914-1 SUSE-SU-2020:0334-1 SUSE-SU-2020:0497-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
NetworkManager-applet-1.8.10-lp150.3 is installed
OR NetworkManager-applet-lang-1.8.10-lp150.3 is installed
OR NetworkManager-connection-editor-1.8.10-lp150.3 is installed
OR libnm-gtk0-1.8.10-lp150.3 is installed
OR libnma0-1.8.10-lp150.3 is installed
OR nma-data-1.8.10-lp150.3 is installed
OR typelib-1_0-NMGtk-1_0-1.8.10-lp150.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libu2f-host-1.1.6-lp151.2.6 is installed
OR libu2f-host-devel-1.1.6-lp151.2.6 is installed
OR libu2f-host-doc-1.1.6-lp151.2.6 is installed
OR libu2f-host0-1.1.6-lp151.2.6 is installed
OR pam_u2f-1.0.8-lp151.2.3 is installed
OR u2f-host-1.1.6-lp151.2.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
MozillaFirefox-17.0.7esr-0.3 is installed
OR MozillaFirefox-branding-SLED-7-0.6.9 is installed
OR MozillaFirefox-translations-17.0.7esr-0.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
ImageMagick-6.4.3.6-7.30 is installed
OR libMagick++1-6.4.3.6-7.30 is installed
OR libMagickCore1-6.4.3.6-7.30 is installed
OR libMagickCore1-32bit-6.4.3.6-7.30 is installed
OR libMagickWand1-6.4.3.6-7.30 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
ntp-4.2.8p11-64.5 is installed
OR ntp-doc-4.2.8p11-64.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
qemu-2.6.1-27 is installed
OR qemu-arm-2.6.1-27 is installed
OR qemu-block-curl-2.6.1-27 is installed
OR qemu-block-rbd-2.6.1-27 is installed
OR qemu-block-ssh-2.6.1-27 is installed
OR qemu-guest-agent-2.6.1-27 is installed
OR qemu-ipxe-1.0.0-27 is installed
OR qemu-kvm-2.6.1-27 is installed
OR qemu-lang-2.6.1-27 is installed
OR qemu-ppc-2.6.1-27 is installed
OR qemu-s390-2.6.1-27 is installed
OR qemu-seabios-1.9.1-27 is installed
OR qemu-sgabios-8-27 is installed
OR qemu-tools-2.6.1-27 is installed
OR qemu-vgabios-1.9.1-27 is installed
OR qemu-x86-2.6.1-27 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
evince-3.20.2-6.27 is installed
OR evince-browser-plugin-3.20.2-6.27 is installed
OR evince-lang-3.20.2-6.27 is installed
OR evince-plugin-djvudocument-3.20.2-6.27 is installed
OR evince-plugin-dvidocument-3.20.2-6.27 is installed
OR evince-plugin-pdfdocument-3.20.2-6.27 is installed
OR evince-plugin-psdocument-3.20.2-6.27 is installed
OR evince-plugin-tiffdocument-3.20.2-6.27 is installed
OR evince-plugin-xpsdocument-3.20.2-6.27 is installed
OR libevdocument3-4-3.20.2-6.27 is installed
OR libevview3-3-3.20.2-6.27 is installed
OR nautilus-evince-3.20.2-6.27 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND yast2-smt-3.0.14-17.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
perl-5.18.2-12.14 is installed
OR perl-32bit-5.18.2-12.14 is installed
OR perl-base-5.18.2-12.14 is installed
OR perl-doc-5.18.2-12.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
gpgme-1.5.1-1 is installed
OR libgpgme11-1.5.1-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed
OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed
OR libwebkit2gtk3-lang-2.28.3-2.56 is installed
OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed
OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed
OR typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56 is installed
OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed
OR webkit2gtk3-2.28.3-2.56 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
ghostscript-9.52-23.39 is installed
OR ghostscript-x11-9.52-23.39 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libSoundTouch0-1.7.1-5.6 is installed
OR soundtouch-1.7.1-5.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
bind-9.11.2-3.10 is installed
OR bind-chrootenv-9.11.2-3.10 is installed
OR bind-doc-9.11.2-3.10 is installed
OR bind-utils-9.11.2-3.10 is installed
OR libbind9-160-9.11.2-3.10 is installed
OR libdns169-9.11.2-3.10 is installed
OR libirs160-9.11.2-3.10 is installed
OR libisc166-9.11.2-3.10 is installed
OR libisc166-32bit-9.11.2-3.10 is installed
OR libisccc160-9.11.2-3.10 is installed
OR libisccfg160-9.11.2-3.10 is installed
OR liblwres160-9.11.2-3.10 is installed
OR python-bind-9.11.2-3.10 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
openstack-nova-14.0.11~dev13-4.22 is installed
OR openstack-nova-api-14.0.11~dev13-4.22 is installed
OR openstack-nova-cells-14.0.11~dev13-4.22 is installed
OR openstack-nova-cert-14.0.11~dev13-4.22 is installed
OR openstack-nova-compute-14.0.11~dev13-4.22 is installed
OR openstack-nova-conductor-14.0.11~dev13-4.22 is installed
OR openstack-nova-console-14.0.11~dev13-4.22 is installed
OR openstack-nova-consoleauth-14.0.11~dev13-4.22 is installed
OR openstack-nova-doc-14.0.11~dev13-4.22 is installed
OR openstack-nova-novncproxy-14.0.11~dev13-4.22 is installed
OR openstack-nova-placement-api-14.0.11~dev13-4.22 is installed
OR openstack-nova-scheduler-14.0.11~dev13-4.22 is installed
OR openstack-nova-serialproxy-14.0.11~dev13-4.22 is installed
OR openstack-nova-vncproxy-14.0.11~dev13-4.22 is installed
OR python-nova-14.0.11~dev13-4.22 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
ardana-monasca-8.0+git.1535031421.9262a47-3.12 is installed
OR ardana-spark-8.0+git.1534267176.a5f3a22-3.6 is installed
OR kafka-0.10.2.2-5.6 is installed
OR openstack-monasca-api-2.2.1~dev24-3.6 is installed
OR python-monasca-api-2.2.1~dev24-3.6 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND ucode-intel-20191112a-13.56 is installed
|