openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Mozilla Firefox browser was updated to version 3.0.11, fixing
various bugs and security issues :

- MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833
Crashes with evidence of memory corruption (rv:1.9.0.11)

- MFSA 2009-25/CVE-2009-1834 (bmo#479413) URL spoofing
with invalid unicode characters

- MFSA 2009-26/CVE-2009-1835 (bmo#491801) Arbitrary domain
cookie access by local file: resources

- MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering
via non-200 responses to proxy CONNECT requests

- MFSA 2009-28/CVE-2009-1837 (bmo#486269) Race condition
while accessing the private data of a NPObject JS
wrapper class object

- MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code
execution using event listeners attached to an element
whose owner document is null

- MFSA 2009-30/CVE-2009-1839 (bmo#479943) Incorrect
principal set for file: resources loaded via location
bar

- MFSA 2009-31/CVE-2009-1840 (bmo#477979) XUL scripts
bypass content-policy checks

- MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript
chrome privilege escalation

See also :

https://bugzilla.novell.com/show_bug.cgi?id=505563

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now