SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update brings Mozilla Firefox to security update version 2.0.0.13

Following security problems were fixed :

- XUL popup spoofing variant (cross-tab popups). (MFSA
2008-19 / CVE-2008-1241)

- Java socket connection to any local port via
LiveConnect. (MFSA 2008-18 / CVE-2008-1195 /
CVE-2008-1240)

- Privacy issue with SSL Client Authentication. (MFSA
2008-17 / CVE-2007-4879)

- HTTP Referrer spoofing with malformed URLs. (MFSA
2008-16 / CVE-2008-1238)

- Crashes with evidence of memory corruption
(rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 /
CVE-2008-1237)

- JavaScript privilege escalation and arbitrary code
execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234
/ CVE-2008-1235)

See also :

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
http://www.mozilla.org/security/announce/2008/mfsa2008-17.html
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
http://support.novell.com/security/cve/CVE-2007-4879.html
http://support.novell.com/security/cve/CVE-2008-1195.html
http://support.novell.com/security/cve/CVE-2008-1233.html
http://support.novell.com/security/cve/CVE-2008-1234.html
http://support.novell.com/security/cve/CVE-2008-1235.html
http://support.novell.com/security/cve/CVE-2008-1236.html
http://support.novell.com/security/cve/CVE-2008-1237.html
http://support.novell.com/security/cve/CVE-2008-1238.html
http://support.novell.com/security/cve/CVE-2008-1240.html
http://support.novell.com/security/cve/CVE-2008-1241.html

Solution :

Apply ZYPP patch number 5134.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now