openSUSE Security Update : MozillaFirefox (MozillaFirefox-1597)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Mozilla Firefox 3.5.5 release fixes some instability issues caused
by the 3.5.4 security upgrade.

One crash was assigned a CVE number, CVE-2009-3978: the
nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in
libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to
cause a denial of service (NULL pointer dereference and application
crash) via an animated GIF file with a large image size.

Also some KDE4 integration bugs were fixed :

- use mimetype for opening url if known (bnc#556156)

- fix file dialog resetting icon size (bnc#546490) and
file dialog for multiple files not working (bnc#548267)

- fix KDE filepicker (bnc#548267,bnc#555438)

- avoid possible deadlock with KDE integration
(bnc#555202)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=546490
https://bugzilla.novell.com/show_bug.cgi?id=548267
https://bugzilla.novell.com/show_bug.cgi?id=553172
https://bugzilla.novell.com/show_bug.cgi?id=555202
https://bugzilla.novell.com/show_bug.cgi?id=555438
https://bugzilla.novell.com/show_bug.cgi?id=556156

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 42925

Bugtraq ID:

CVE ID: CVE-2009-3978
