openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8
branch state around fix level 2.0.0.22.

Security issues identified as being fixed are: MFSA 2009-01 /
CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed
several stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of
memory corruption under certain circumstances and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.

MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774: Mozilla developers
identified and fixed several stability bugs in the browser engine used
in Firefox and other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code.

MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi
Guninski reported that a website could use nsIRDFService and a
cross-domain redirect to steal arbitrary XML data from another domain,
a violation of the same-origin policy. This vulnerability could be
used by a malicious website to steal private data from users
authenticated to the redirected website.

MFSA 2009-10 / CVE-2009-0040: Google security researcher Tavis Ormandy
reported several memory safety hazards to the libpng project, an
external library used by Mozilla to render PNG images. These
vulnerabilities could be used by a malicious website to crash a
victim's browser and potentially execute arbitrary code on their
computer. libpng was upgraded to version 1.2.35 which containis fixes
for these flaws.

MFSA 2009-12 / CVE-2009-1169: Security researcher Guido Landi
discovered that a XSL stylesheet could be used to crash the browser
during a XSL transformation. An attacker could potentially use this
crash to run arbitrary code on a victim's computer. This vulnerability
was also previously reported as a stability problem by Ubuntu
community member, Andre. Ubuntu community member Michael Rooney
reported Andre's findings to Mozilla, and Mozilla community member
Martin helped reduce Andre's original testcase and contributed a patch
to fix the vulnerability.

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 36199 ()

Bugtraq ID:

CVE ID: CVE-2009-0040
CVE-2009-0352
CVE-2009-0353
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
CVE-2009-1169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now