SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3756)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update brings Mozilla Firefox to security update version 2.0.0.4.

- Chris Thomas demonstrated that XUL popups opened by web
content could be placed outside the boundaries of the
content area. This could be used to spoof or hide parts
of the browser chrome such as the location bar. (MFSA
2007-17 / CVE-2007-2871)

- Mozilla contributor moz_bug_r_a4 demonstrated that the
addEventListener method could be used to inject script
into another site in violation of the browser's
same-origin policy. This could be used to access or
modify private or valuable information from that other
site. (MFSA 2007-16 / CVE-2007-2870)

- Nicolas Derouet reported two problems with cookie
handling in Mozilla clients. Insufficient length checks
could be used to exhaust browser memory and so to crash
the browser or at least slow it down by a large degree.
(MFSA 2007-14 / CVE-2007-1362)

The second issue was that the cookie path and name
values were not checked for the presence of the
delimiter used for internal cookie storage, and if
present this confused future interpretation of the
cookie data. This is not considered to be exploitable.

- Marcel reported that a malicious web page could perform
a denial of service attack against the form autocomplete
feature that would persist from session to session until
the malicious form data was deleted. Filling a text
field with millions of characters and submitting the
form will cause the victim's browser to hang for up to
several minutes while the form data is read, and this
will happen the first time autocomplete is triggered
after every browser restart. (MFSA 2007-13 /
CVE-2007-2869)

No harm is done to the user's computer, but the
frustration caused by the hang could prevent use of
Firefox if users don't know how to clear the bad state.

- As part of the Firefox 2.0.0.4 and 1.5.0.12 update
releases Mozilla developers fixed many bugs to improve
the stability of the product. Some of these crashes
showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. (MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868)

Without further investigation we cannot rule out the
possibility that for some of these an attacker might be
able to prepare memory for exploitation through some
means other than JavaScript, such as large images.

- Incorrect FTP PASV handling could be used by malicious
FTP servers to perform rudimentary port scanning of, for
instance, internal networks of the computer the browser
is running on. (MFSA 2007-11 / CVE-2007-1562)

See also :

http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
http://www.mozilla.org/security/announce/2007/mfsa2007-13.html
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html
http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
http://www.mozilla.org/security/announce/2007/mfsa2007-17.html
http://support.novell.com/security/cve/CVE-2007-1362.html
http://support.novell.com/security/cve/CVE-2007-1562.html
http://support.novell.com/security/cve/CVE-2007-2867.html
http://support.novell.com/security/cve/CVE-2007-2868.html
http://support.novell.com/security/cve/CVE-2007-2869.html
http://support.novell.com/security/cve/CVE-2007-2870.html
http://support.novell.com/security/cve/CVE-2007-2871.html

Solution :

Apply ZYPP patch number 3756.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 29360

Bugtraq ID:

CVE ID: CVE-2007-1362
CVE-2007-1562
CVE-2007-2867
CVE-2007-2868
CVE-2007-2869
CVE-2007-2870
CVE-2007-2871
