Security Bulletin: Mozilla firefox vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6

Summary

IBM Storwize V7000 Unified system is shipped with Mozilla firefox, for which fixes are available for security vulnerabilities.

Vulnerability Details

CVEID:
CVE-2013-5609
CVE-2013-5610
CVE-2013-5611
CVE-2013-5612
CVE-2013-5613
CVE-2013-5614
CVE-2013-5615
CVE-2013-5616
CVE-2013-5618
CVE-2013-5619
CVE-2013-6671
CVE-2013-6672
CVE-2013-6673

DESCRIPTION:

IBM Storwize V7000 Unified system is shipped with Mozilla firefox. Fixes are available for the security vulnerabilities found with Mozilla firefox. None of these vulnerabilities are exploitable during usual operations of V7000 Unified system. Nevertheless, since using firefox to access the Internet would implicate these vulnerabilities, we recommend applying the fixes available.

CVE-2013-5609
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89538 for the current score

CVE-2013-5610
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89539 for the current score

CVE-2013-5611
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89540 for the current score

CVE-2013-5612
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89592 for the current score

CVE-2013-5613
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89600 for the current score

CVE-2013-5614
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89593 for the current score

CVE-2013-5615
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89601 for the current score

CVE-2013-5616
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89594 for the current score

CVE-2013-5618
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89595 for the current score

CVE-2013-5619
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89596 for the current score

CVE-2013-6671
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89597 for the current score

CVE-2013-6672
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89598 for the current score

CVE-2013-6673
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89599 for the current score

Affected Products and Versions

IBM Storwize V7000 Unified system
The product is affected when running code releases 1.3.2.0 to 1.4.2.1.

Remediation/Fixes

Fixes for these issues are in version 1.4.3.0 of IBM Storwize V7000 Unified system. Customers running an earlier version of V7000 Unified (e.g. 1.3.2.1, 1.4.0.0, 1.4.2.1) should upgrade to V7000 Unified 1.4.3.0 or a later version, so that the fix gets applied.

Workarounds and Mitigations

Work-around(s): Use of Mozilla firefox for accessing web sites from V7000 Unified system should be avoided.

_Mitigation(s): _ None of these vulnerabilities are exploitable during usual operations of V7000 Unified system. Service personnel should not use Mozilla firefox from V7000 Unified nodes to access the Internet.