SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088)

critical Nessus Plugin ID 29355

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This security update brings Mozilla Firefox to version 1.5.0.7.

More details can be found on:
http://www.mozilla.org/projects/security/known-vulnerabiliti es.html

It includes fixes to the following security problems :

- Crashes with evidence of memory corruption MFSA 2006-63 / CVE-2006-4570: JavaScript execution in mail via XBL MFSA 2006-62 / CVE-2006-4569: Popup-blocker cross-site scripting (XSS) MFSA 2006-61 / CVE-2006-4568: Frame spoofing using document.open() MFSA 2006-60 / CVE-2006-4340/CERT VU#845620: RSA Signature Forgery MFSA 2006-59 / CVE-2006-4253: Concurrency-related vulnerability MFSA 2006-58 / CVE-2006-4567: Auto-Update compromise through DNS and SSL spoofing MFSA 2006-57 / CVE-2006-4565 / CVE-2006-4566: JavaScript Regular Expression Heap Corruption. (MFSA 2006-64 / CVE-2006-4571)

Solution

Apply ZYPP patch number 2088.

Plugin Details

Severity: Critical

ID: 29355

File Name: suse_MozillaFirefox-2088.nasl

Version: 1.19

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/13/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/18/2006

Vulnerability Publication Date: 8/21/2006

Reference Information

CVE: CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4570, CVE-2006-4571

CWE: 119, 20, 264, 79

CERT: 845620

Detections

Analytics