openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4758)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update brings Mozilla Firefox to security update version 2.0.0.10

Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947:
The jar protocol handler in Mozilla Firefox retrieves the inner URL
regardless of its MIME type, and considers HTML documents within a jar
archive to have the same origin as the inner URL, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a jar:
URI.

MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains
fixes for three bugs that improve the stability of the product. These
crashes showed some evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code.

MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it
was possible to generate a fake HTTP Referer header by exploiting a
timing condition when setting the window.location property. This could
be used to conduct a Cross-site Request Forgery (CSRF) attack against
websites that rely only on the Referer header as protection against
such attacks.

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 28369 ()

Bugtraq ID:

CVE ID: CVE-2007-5947
CVE-2007-5959
CVE-2007-5960

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now