SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update brings Mozilla Firefox to security update version
1.5.0.10.

- As part of the Firefox 2.0.0.2 and 1.5.0.10 update
releases several bugs were fixed to improve the
stability of the browser. Some of these were crashes
that showed evidence of memory corruption and we presume
that with enough effort at least some of these could be
exploited to run arbitrary code. These fixes affected
the layout engine (CVE-2007-0775), SVG renderer
(CVE-2007-0776) and JavaScript engine. (CVE-2007-0777).
(MFSA 2007-01)

- Various enhancements were done to make XSS exploits
against websites less effective. These included fixes
for invalid trailing characters (CVE-2007-0995), child
frame character set inheritance (CVE-2007-0996),
password form injection (CVE-2006-6077), and the Adobe
Reader universal XSS problem. (MFSA 2007-02)

- AAd reported a potential disk cache collision that could
be exploited by remote attackers to steal confidential
data or execute code. (MFSA 2007-03 / CVE-2007-0778)

- David Eckel reported that browser UI elements--such as
the host name and security indicators--could be spoofed
by using a large, mostly transparent, custom cursor and
adjusting the CSS3 hotspot property so that the visible
part of the cursor floated outside the browser content
area. (MFSA 2007-04 / CVE-2007-0779)

- Manually opening blocked popups could be exploited by
remote attackers to allow XSS attacks (CVE-2007-0780) or
to execute code in local files. (CVE-2007-0800). (MFSA
2007-05)

- Two buffer overflows were found in the NSS handling of
Mozilla. (MFSA 2007-06)

- SSL clients such as Firefox and Thunderbird can suffer a
buffer overflow if a malicious server presents a
certificate with a public key that is too small to
encrypt the entire 'Master Secret'. Exploiting this
overflow appears to be unreliable but possible if the
SSLv2 protocol is enabled. (CVE-2007-0008)

- Servers that use NSS for the SSLv2 protocol can be
exploited by a client that presents a 'Client Master
Key' with invalid length values in any of several fields
that are used without adequate error checking. This can
lead to a buffer overflow that presumably could be
exploitable. (CVE-2007-0009)

- Michal Zalewski demonstrated that setting
location.hostname to a value with embedded null
characters can confuse the browsers domain checks.
Setting the value triggers a load, but the networking
software reads the hostname only up to the null
character while other checks for 'parent domain' start
at the right and so can have a completely different idea
of what the current host is. (MFSA 2007-06 /
CVE-2007-0981)

See also :

http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://support.novell.com/security/cve/CVE-2006-6077.html
http://support.novell.com/security/cve/CVE-2007-0008.html
http://support.novell.com/security/cve/CVE-2007-0009.html
http://support.novell.com/security/cve/CVE-2007-0775.html
http://support.novell.com/security/cve/CVE-2007-0776.html
http://support.novell.com/security/cve/CVE-2007-0777.html
http://support.novell.com/security/cve/CVE-2007-0778.html
http://support.novell.com/security/cve/CVE-2007-0779.html
http://support.novell.com/security/cve/CVE-2007-0780.html
http://support.novell.com/security/cve/CVE-2007-0800.html
http://support.novell.com/security/cve/CVE-2007-0981.html
http://support.novell.com/security/cve/CVE-2007-0995.html
http://support.novell.com/security/cve/CVE-2007-0996.html

Solution :

Apply ZYPP patch number 2683.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now