This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote SuSE 11 host is missing one or more security updates.
The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes
several security issues :
- Security researcher Nils reported via TippingPoint's
Zero Day Initiative that the XUL tree method
_moveToEdgeShift was in some cases triggering garbage
collection routines on objects which were still in use.
In such cases, the browser would crash when attempting
to access a previously destroyed object and this crash
could be used by an attacker to run arbitrary code on a
victim's computer. This vulnerability was used by the
reporter to win the 2009 CanSecWest Pwn2Own contest.
This vulnerability does not affect Firefox 2,
Thunderbird 2, or released versions of SeaMonkey. (MFSA
2009-13 / CVE-2009-1044)
- Security researcher Guido Landi discovered that a XSL
stylesheet could be used to crash the browser during a
XSL transformation. An attacker could potentially use
this crash to run arbitrary code on a victim's computer.
This vulnerability was also previously reported as a
stability problem by Ubuntu community member, Andre.
Ubuntu community member Michael Rooney reported Andre's
findings to Mozilla, and Mozilla community member Martin
helped reduce Andre's original testcase and contributed
a patch to fix the vulnerability. (MFSA 2009-12 /
See also :
Apply SAT patch number 747.
Risk factor :
High / CVSS Base Score : 9.3