Security Bulletin
Summary
IBM Storwize V7000 Unified system is shipped with Mozilla firefox, for which fixes are available for security vulnerabilities.
Vulnerability Details
CVEID:
CVE-2013-5609
CVE-2013-5610
CVE-2013-5611
CVE-2013-5612
CVE-2013-5613
CVE-2013-5614
CVE-2013-5615
CVE-2013-5616
CVE-2013-5618
CVE-2013-5619
CVE-2013-6671
CVE-2013-6672
CVE-2013-6673
DESCRIPTION:
IBM Storwize V7000 Unified system is shipped with Mozilla firefox. Fixes are available for the security vulnerabilities found with Mozilla firefox. None of these vulnerabilities are exploitable during usual operations of V7000 Unified system. Nevertheless, since using firefox to access the Internet would implicate these vulnerabilities, we recommend applying the fixes available.
CVE-2013-5609
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89538 for the current score
CVE-2013-5610
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89539 for the current score
CVE-2013-5611
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89540 for the current score
CVE-2013-5612
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89592 for the current score
CVE-2013-5613
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89600 for the current score
CVE-2013-5614
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89593 for the current score
CVE-2013-5615
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89601 for the current score
CVE-2013-5616
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89594 for the current score
CVE-2013-5618
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89595 for the current score
CVE-2013-5619
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89596 for the current score
CVE-2013-6671
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89597 for the current score
CVE-2013-6672
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89598 for the current score
CVE-2013-6673
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89599 for the current score
Affected Products and Versions
IBM Storwize V7000 Unified system
The product is affected when running code releases 1.3.2.0 to 1.4.2.1.
Remediation/Fixes
Fixes for these issues are in version 1.4.3.0 of IBM Storwize V7000 Unified system. Customers running an earlier version of V7000 Unified (e.g. 1.3.2.1, 1.4.0.0, 1.4.2.1) should upgrade to V7000 Unified 1.4.3.0 or a later version, so that the fix gets applied.
Workarounds and Mitigations
Work-around(s): Use of Mozilla firefox for accessing web sites from V7000 Unified system should be avoided.
Mitigation(s): None of these vulnerabilities are exploitable during usual operations of V7000 Unified system. Service personnel should not use Mozilla firefox from V7000 Unified nodes to access the Internet.
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
9 May 2014: First draft
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
ssg1S1004634