SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The Mozilla Firefox browser was updated to version 3.0.11, fixing
various bugs and security issues :

- Crashes with evidence of memory corruption
(rv: (MFSA 2009-24 / CVE-2009-1392 /
CVE-2009-1832 / CVE-2009-1833)

- (bmo#479413) URL spoofing with invalid unicode
characters. (MFSA 2009-25 / CVE-2009-1834)

- (bmo#491801) Arbitrary domain cookie access by local
file: resources. (MFSA 2009-26 / CVE-2009-1835)

- (bmo#479880) SSL tampering via non-200 responses to
proxy CONNECT requests. (MFSA 2009-27 / CVE-2009-1836)

- (bmo#486269) Race condition while accessing the private
data of a NPObject JS wrapper class object. (MFSA
2009-28 / CVE-2009-1837)

- (bmo#489131) Arbitrary code execution using event
listeners attached to an element whose owner document is
null. (MFSA 2009-29 / CVE-2009-1838)

- (bmo#479943) Incorrect principal set for file: resources
loaded via location bar. (MFSA 2009-30 / CVE-2009-1839)

- (bmo#477979) XUL scripts bypass content-policy checks.
(MFSA 2009-31 / CVE-2009-1840)

- (bmo#479560) JavaScript chrome privilege escalation.
(MFSA 2009-32 / CVE-2009-1841)

See also :

Solution :

Apply SAT patch number 1001.

Risk factor :

High / CVSS Base Score : 9.3

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now