SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update backports the latest security fixes to the Mozilla
XULRunner engine.

It fixes the following security issues :

- The http-index-format MIME type parser
(nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox
2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13
does not check for an allocation failure, which allows
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via an HTTP index
response with a crafted 200 header, which triggers
memory corruption and a buffer overflow. (CVE-2008-0017
/ MFSA 2008-54)

- Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x
before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not
properly change the source URI when processing a canvas
element and an HTTP redirect, which allows remote
attackers to bypass the same origin policy and access
arbitrary images that are not directly accessible to the
attacker. NOTE: this issue can be leveraged to enumerate
software on the client by performing redirections
related to moz-icon. (CVE-2008-5012 / MFSA 2008-48)

- Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x
before 1.1.13 do not properly check when the Flash
module has been dynamically unloaded, which
allows remote attackers to execute arbitrary code via a
crafted SWF file that 'dynamically unloads itself from
an outside JavaScript function,' which triggers an
access of an expired memory address. (CVE-2008-5013 /
MFSA 2008-49)

- jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox
2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18,
and SeaMonkey 1.x before 1.1.13 allows remote attackers
to cause a denial of service (crash) and possibly
execute arbitrary code by modifying the
window.__proto__.__proto__ object in a way that causes a
lock on a non-native object, which triggers an assertion
failure related to the OBJ_IS_NATIVE function.
(CVE-2008-5014 / MFSA 2008-50)

- The layout engine in Mozilla Firefox 3.x before 3.0.4,
Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x
before 1.1.13 allows remote attackers to cause a denial
of service (crash) via multiple vectors that trigger an
assertion failure or other consequences. (CVE-2008-5016
/ MFSA 2008-52)

- Integer overflow in xpcom/io/nsEscape.cpp in the browser
engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x
before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13 allows remote attackers to
cause a denial of service (crash) via unknown vectors.
(CVE-2008-5017 / MFSA 2008-52)

- The JavaScript engine in Mozilla Firefox 3.x before
3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x
before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows
remote attackers to cause a denial of service (crash)
via vectors related to 'insufficient class checking' in
the Date class. (CVE-2008-5018 / MFSA 2008-52)

- nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x
before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13 allows remote attackers to
cause a denial of service (crash) and possibly execute
arbitrary code by modifying properties of a file input
element while it is still being initialized, then using
the blur method to access uninitialized memory.
(CVE-2008-5021 / MFSA 2008-55)

- The nsXMLHttpRequest::NotifyEventListeners method in
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,
Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x
before 1.1.13 allows remote attackers to bypass the
same-origin policy and execute arbitrary script via
multiple listeners, which bypass the inner window check.
(CVE-2008-5022 / MFSA 2008-56)

- Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,
and SeaMonkey 1.x before 1.1.13 allow remote attackers
to bypass the protection mechanism for codebase
principals and execute arbitrary script via the
-moz-binding CSS property in a signed JAR file.
(CVE-2008-5023 / MFSA 2008-57)

- Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before
2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey
1.x before 1.1.13 do not properly escape quote
characters used for XML processing, which allows remote
attackers to conduct XML injection attacks via the
default namespace in an E4X document. (CVE-2008-5024 /
MFSA 2008-58)

- The AppendAttributeValue function in the JavaScript
engine in Mozilla Firefox 2.x before 2.0.0.18,
Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x
before 1.1.13 allows remote attackers to cause a denial
of service (crash) via unknown vectors that trigger
memory corruption, as demonstrated by
e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA
2008-52)

See also :

http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
http://www.mozilla.org/security/announce/2008/mfsa2008-50.html
http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
http://www.mozilla.org/security/announce/2008/mfsa2008-56.html
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.mozilla.org/security/announce/2008/mfsa2008-58.html
http://support.novell.com/security/cve/CVE-2008-0017.html
http://support.novell.com/security/cve/CVE-2008-5012.html
http://support.novell.com/security/cve/CVE-2008-5013.html
http://support.novell.com/security/cve/CVE-2008-5014.html
http://support.novell.com/security/cve/CVE-2008-5016.html
http://support.novell.com/security/cve/CVE-2008-5017.html
http://support.novell.com/security/cve/CVE-2008-5018.html
http://support.novell.com/security/cve/CVE-2008-5021.html
http://support.novell.com/security/cve/CVE-2008-5022.html
http://support.novell.com/security/cve/CVE-2008-5023.html
http://support.novell.com/security/cve/CVE-2008-5024.html
http://support.novell.com/security/cve/CVE-2008-5052.html

Solution :

Apply ZYPP patch number 5813.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
