Oval Definition:oval:org.opensuse.security:def:79962
Revision Date:2014-02-07
Version:1
Title:Security update for MozillaFirefox
Description:

This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4.

The following security issues have been fixed:

* MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477) (bnc#862345)
* MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479) (bnc#862348)
* MFSA 2014-03: Download 'open file' dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480)
* MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482) (bnc#862356)
* MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483) (bnc#862360)
* MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484)
* MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485)
* MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486)
* MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487)
* MFSA 2014-10: settings & history ID bug (CVE-2014-1489)
* MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488)
* MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490) (bnc#862300); Do not allow p-1 as a public DH value (CVE-2014-1491) (bnc#862289)
* MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481) (bnc#862309)

Security Issue references:

CVE-2014-1477, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1484, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491

Family:unix
Class:patch
Status:
Reference(s):859055, 861847, CVE-2014-1477, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1484, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491
Platform(s):SUSE Linux Enterprise Desktop 11 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
      • MozillaFirefox-24.3.0esr-0.8.1 is installed
      • OR MozillaFirefox-branding-SLED-24-0.7.14 is installed
      • OR MozillaFirefox-translations-24.3.0esr-0.8.1 is installed
      • OR libfreebl3-3.15.4-0.7.1 is installed
      • OR libfreebl3-32bit-3.15.4-0.7.1 is installed
      • OR libsoftokn3-3.15.4-0.7.1 is installed
      • OR libsoftokn3-32bit-3.15.4-0.7.1 is installed
      • OR mozilla-nss-3.15.4-0.7.1 is installed
      • OR mozilla-nss-32bit-3.15.4-0.7.1 is installed
      • OR mozilla-nss-tools-3.15.4-0.7.1 is installed