SuSE9 Security Update : epiphany (YOU Patch Number 12519)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

This update brings the Mozilla SeaMonkey Suite packages to the current
stable release 1.1.17.

Due to the major version update some incompatibilities might appear.

It fixes all currently published security issues, including but not
limited to :

- Same-origin violations when Adobe Flash loaded via
view-source: scheme. (MFSA 2009-17 / CVE-2009-1307)

- POST data sent to wrong site when saving web page with
embedded frame. (MFSA 2009-21 / CVE-2009-1311)

- Crashes with evidence of memory corruption
(rv:1.9.0.11). (MFSA 2009-24 /
CVE-2009-1392/CVE-2009-1832 / CVE-2009-1833)

- Arbitrary domain cookie access by local file: resources.
(MFSA 2009-26 / CVE-2009-1835)

- SSL tampering via non-200 responses to proxy CONNECT
requests. (MFSA 2009-27 / CVE-2009-1836)

- Arbitrary code execution using event listeners attached
to an element whose owner document is null. (MFSA
2009-29 / CVE-2009-1838)

- JavaScript chrome privilege escalation. (MFSA 2009-32 /
CVE-2009-1841)

- Crash viewing multipart/alternative message with
text/enhanced part. (MFSA 2009-33 / CVE-2009-2210)

See also :

http://support.novell.com/security/cve/CVE-2009-1307.html
http://support.novell.com/security/cve/CVE-2009-1311.html
http://support.novell.com/security/cve/CVE-2009-1392.html
http://support.novell.com/security/cve/CVE-2009-1832.html
http://support.novell.com/security/cve/CVE-2009-1833.html
http://support.novell.com/security/cve/CVE-2009-1835.html
http://support.novell.com/security/cve/CVE-2009-1836.html
http://support.novell.com/security/cve/CVE-2009-1838.html
http://support.novell.com/security/cve/CVE-2009-1841.html
http://support.novell.com/security/cve/CVE-2009-2210.html

Solution :

Apply YOU patch number 12519.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now