There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions of IBM Storwize V7000 Unified
CVEID:
CVE-2014-1555
CVE-2014-1556
CVE-2014-1557
DESCRIPTION:
IBM Storwize V7000 Unified is shipped with Mozilla Firefox, although Firefox is not used during normal use of Storwize V7000 Unified. There are vulnerabilities in Mozilla Firefox shipped in certain versions of the Storwize V7000 Unified. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2014-1555
CVSS Base Score: 9.3
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94774 for the current score
CVE-2014-1556
CVSS Base Score: 9.3
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94775 for the current score
CVE-2014-1557
CVSS Base Score: 9.3
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94777 for the current score
IBM Storwize V7000 Unified
The product is affected when running code releases 1.3.0.0 to 1.4.3.3 and 1.5.0.0, 1.5.0.1
IBM has remediated these vulnerabilities in IBM Storwize V7000 Unified versions 1.4.3.4 and 1.5.0.2 by using a version of Firefox that is free of these vulnerabilities. IBM recommends that you fix these vulnerabilities by upgrading affected versions of IBM Storwize V7000 Unified to version 1.4.3.4, 1.5.0.2 or later.
Workaround(s) :
Normal operation of IBM Storwize V7000 Unified does not require or call for customers to use Firefox to access the Internet. Although IBM recommends that you install a level of IBM Storwize V7000 Unified code with a fix, you can avoid these vulnerabilities by not using Mozilla Firefox within your V7000 Unified system to access the Internet.