SuSE9 Security Update : epiphany (YOU Patch Number 12616)

critical Nessus Plugin ID 46685

Language:

Synopsis

The remote SuSE 9 host is missing a security-related patch.

Description

This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues.

The following security issues are fixed :

- Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. (MFSA 2010-07)

- Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161)

- Ludovic Hirlimann reported a crash indexing some messages with attachments. (CVE-2010-0163)

- Carsten Book reported a crash in the JavaScript engine.
(CVE-2009-3075)

- Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072)

- monarch2000 reported an integer overflow in a base64 decoding function. (CVE-2009-2463)

- Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user. (MFSA 2009-68 / CVE-2009-3983)

- Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file.
(MFSA 2009-62 / CVE-2009-3376)

- Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines.
Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. (MFSA 2009-59 / CVE-2009-0689)

Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz.

- Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message.
If a user were to reply to or forward such a message, malicious JavaScript embedded in the plugin content could potentially steal the contents of the message or files from the local filesystem. (MFSA 2010-06 / CVE-2009-3385)

- An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2009-49 / CVE-2009-3077)

Please see http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

Solution

Apply YOU patch number 12616.

See Also

http://support.novell.com/security/cve/CVE-2009-0689.html

http://support.novell.com/security/cve/CVE-2009-2463.html

http://support.novell.com/security/cve/CVE-2009-3072.html

http://support.novell.com/security/cve/CVE-2009-3075.html

http://support.novell.com/security/cve/CVE-2009-3077.html

http://support.novell.com/security/cve/CVE-2009-3376.html

https://www.suse.com/security/cve/CVE-2009-3385/

http://support.novell.com/security/cve/CVE-2009-3983.html

https://www.suse.com/security/cve/CVE-2010-0161/

https://www.suse.com/security/cve/CVE-2010-0163/

Plugin Details

Severity: Critical

ID: 46685

File Name: suse9_12616.nasl

Version: 1.13

Type: local

Agent: unix

Published: 5/20/2010

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/19/2010

Reference Information

CVE: CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2009-3077, CVE-2009-3376, CVE-2009-3385, CVE-2009-3983, CVE-2010-0161, CVE-2010-0163

CWE: 119, 16, 189, 94