SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5001)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update brings Mozilla Firefox to security update version 2.0.0.12

Following security problems were fixed :

- Web forgery overwrite with div overlay. (MFSA 2008-11 /
CVE-2008-0594)

- URL token stealing via stylesheet redirect. (MFSA
2008-10 / CVE-2008-0593)

- Mishandling of locally-saved plain text files. (MFSA
2008-09 / CVE-2008-0592)

- File action dialog tampering. (MFSA 2008-08 /
CVE-2008-0591)

- Web browsing history and forward navigation stealing.
(MFSA 2008-06 / CVE-2008-0419)

- Directory traversal via chrome: URI. (MFSA 2008-05 /
CVE-2008-0418)

- Stored password corruption. (MFSA 2008-04 /
CVE-2008-0417)

- Privilege escalation, XSS, Remote Code Execution. (MFSA
2008-03 / CVE-2008-0415)

- Multiple file input focus stealing vulnerabilities.
(MFSA 2008-02 / CVE-2008-0414)

- Crashes with evidence of memory corruption
(rv:1.8.1.12). (MFSA 2008-01 / CVE-2008-0412)

See also :

http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
http://www.mozilla.org/security/announce/2008/mfsa2008-02.html
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
http://www.mozilla.org/security/announce/2008/mfsa2008-04.html
http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
http://www.mozilla.org/security/announce/2008/mfsa2008-06.html
http://www.mozilla.org/security/announce/2008/mfsa2008-08.html
http://www.mozilla.org/security/announce/2008/mfsa2008-09.html
http://www.mozilla.org/security/announce/2008/mfsa2008-10.html
http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
http://support.novell.com/security/cve/CVE-2008-0412.html
http://support.novell.com/security/cve/CVE-2008-0414.html
http://support.novell.com/security/cve/CVE-2008-0415.html
http://support.novell.com/security/cve/CVE-2008-0417.html
http://support.novell.com/security/cve/CVE-2008-0418.html
http://support.novell.com/security/cve/CVE-2008-0419.html
http://support.novell.com/security/cve/CVE-2008-0591.html
http://support.novell.com/security/cve/CVE-2008-0592.html
http://support.novell.com/security/cve/CVE-2008-0593.html
http://support.novell.com/security/cve/CVE-2008-0594.html

Solution :

Apply ZYPP patch number 5001.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now