Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2014:8879

Overview

Id SUSE-2014:8879
Name Novell SUSE 2014:8879 firefox-201402 security update for SLE 11 SP3 i586
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 07 Feb 2014 12:00:00

SUSE-2014:8879

Novell SUSE 2014:8879 firefox-201402 security update for SLE 11 SP3 i586

Vendor Name

novell

Product

Novell

Released On

07 Feb 2014 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
This updates the Mozilla Firefox browser to the 24.3.0ESR security release. The Mozilla NSS libraries are now on version 3.15.4. The following security issues have been fixed: * MFSA 2014-01: Memory safety bugs fixed in Firefox ESR 24.3 and Firefox 27.0 (CVE-2014-1477)(bnc#862345) * MFSA 2014-02: Using XBL scopes its possible to steal(clone) native anonymous content (CVE-2014-1479)(bnc#862348) * MFSA 2014-03: Download "open file" dialog delay is too quick, doesn't prevent clickjacking (CVE-2014-1480) * MFSA 2014-04: Image decoding causing FireFox to crash with Goo Create (CVE-2014-1482)(bnc#862356) * MFSA 2014-05: caretPositionFromPoint and elementFromPoint leak information about iframe contents via timing information (CVE-2014-1483)(bnc#862360) * MFSA 2014-06: Fennec leaks profile path to logcat (CVE-2014-1484) * MFSA 2014-07: CSP should block XSLT as script, not as style (CVE-2014-1485) * MFSA 2014-08: imgRequestProxy Use-After-Free Remote Code Execution Vulnerability (CVE-2014-1486) * MFSA 2014-09: Cross-origin information disclosure with error message of Web Workers (CVE-2014-1487) * MFSA 2014-10: settings & history ID bug (CVE-2014-1489) * MFSA 2014-11: Firefox reproducibly crashes when using asm.js code in workers and transferable objects (CVE-2014-1488) * MFSA 2014-12: TOCTOU, potential use-after-free in libssl's session ticket processing (CVE-2014-1490)(bnc#862300) Do not allow p-1 as a public DH value (CVE-2014-1491)(bnc#862289) * MFSA 2014-13: Inconsistent this value when invoking getters on window (CVE-2014-1481)(bnc#862309) Security Issue references: * CVE-2014-1477 * CVE-2014-1479 * CVE-2014-1480 * CVE-2014-1481 * CVE-2014-1482 * CVE-2014-1483 * CVE-2014-1484 * CVE-2014-1485 * CVE-2014-1486 * CVE-2014-1487 * CVE-2014-1488 * CVE-2014-1489 * CVE-2014-1490 * CVE-2014-1491

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:18:28