SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The Mozilla Firefox browser was updated to version 3.0.11, fixing
various bugs and security issues :

- Crashes with evidence of memory corruption
(rv:1.9.0.11). (MFSA 2009-24 / CVE-2009-1392 /
CVE-2009-1832 / CVE-2009-1833)

- (bmo#479413) URL spoofing with invalid unicode
characters. (MFSA 2009-25 / CVE-2009-1834)

- (bmo#491801) Arbitrary domain cookie access by local
file: resources. (MFSA 2009-26 / CVE-2009-1835)

- (bmo#479880) SSL tampering via non-200 responses to
proxy CONNECT requests. (MFSA 2009-27 / CVE-2009-1836)

- (bmo#486269) Race condition while accessing the private
data of a NPObject JS wrapper class object. (MFSA
2009-28 / CVE-2009-1837)

- (bmo#489131) Arbitrary code execution using event
listeners attached to an element whose owner document is
null. (MFSA 2009-29 / CVE-2009-1838)

- (bmo#479943) Incorrect principal set for file: resources
loaded via location bar. (MFSA 2009-30 / CVE-2009-1839)

- (bmo#477979) XUL scripts bypass content-policy checks.
(MFSA 2009-31 / CVE-2009-1840)

- (bmo#479560) JavaScript chrome privilege escalation.
(MFSA 2009-32 / CVE-2009-1841)

See also :

http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
https://bugzilla.novell.com/show_bug.cgi?id=505563
http://support.novell.com/security/cve/CVE-2009-1392.html
http://support.novell.com/security/cve/CVE-2009-1832.html
http://support.novell.com/security/cve/CVE-2009-1833.html
http://support.novell.com/security/cve/CVE-2009-1834.html
http://support.novell.com/security/cve/CVE-2009-1835.html
http://support.novell.com/security/cve/CVE-2009-1836.html
http://support.novell.com/security/cve/CVE-2009-1837.html
http://support.novell.com/security/cve/CVE-2009-1838.html
http://support.novell.com/security/cve/CVE-2009-1839.html
http://support.novell.com/security/cve/CVE-2009-1840.html
http://support.novell.com/security/cve/CVE-2009-1841.html

Solution :

Apply SAT patch number 1001.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now