SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs
and security issues.

The following security issues were fixed :

- Mozilla developers identified and fixed several
stability bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. (MFSA 2010-16)

References

Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in
the browser engine that affected Firefox 3.5 and Firefox 3.6.
(CVE-2010-0173)

Jesse Ruderman and Ehsan Akhgari reported crashes that affected all
supported versions of the browser engine. (CVE-2010-0174)

- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that a select event
handler for XUL tree items could be called after the
tree item was deleted. This results in the execution of
previously freed memory which an attacker could use to
crash a victim's browser and run arbitrary code on the
victim's computer. (MFSA 2010-17 / CVE-2010-0175)

- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the way
option elements are inserted into a XUL tree optgroup.
In certain cases, the number of references to an option
element is under-counted so that when the element is
deleted, a live pointer to its old location is kept
around and may later be used. An attacker could
potentially use these conditions to run arbitrary code
on a victim's computer. (MFSA 2010-18 / CVE-2010-0176)

- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the
implementation of the window.navigator.plugins object.
When a page reloads, the plugins array would reallocate
all of its members without checking for existing
references to each member. This could result in the
deletion of objects for which valid pointers still
exist. An attacker could use this vulnerability to crash
a victim's browser and run arbitrary code on the
victim's machine. (MFSA 2010-19 / CVE-2010-0177)

- Security researcher Paul Stone reported that a browser
applet could be used to turn a simple mouse click into a
drag-and-drop action, potentially resulting in the
unintended loading of resources in a user's browser.
This behavior could be used twice in succession to first
load a privileged chrome: URL in a victim's browser,
then load a malicious javascript: URL on top of the same
document resulting in arbitrary script execution with
chrome privileges. (MFSA 2010-20 / CVE-2010-0178)

- Mozilla security researcher moz_bug_r_a4 reported that
the XMLHttpRequestSpy module in the Firebug add-on was
exposing an underlying chrome privilege escalation
vulnerability. When the XMLHttpRequestSpy object was
created, it would attach various properties of itself to
objects defined in web content, which were not being
properly wrapped to prevent their exposure to chrome
privileged objects. This could result in an attacker
running arbitrary JavaScript on a victim's machine,
though it required the victim to have Firebug installed,
so the overall severity of the issue was determined to
be High. (MFSA 2010-21 / CVE-2010-0179)

- Mozilla developers added support in the Network Security
Services module for preventing a type of
man-in-the-middle attack against TLS using forced
renegotiation. (MFSA 2010-22 / CVE-2009-3555)

Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users
will need to set their security.ssl.require_safe_negotiation
preference to true. Firefox 3 does not contain the fix for this issue.

- phpBB developer Henry Sudhof reported that when an image
tag points to a resource that redirects to a mailto:
URL, the external mail handler application is launched.
This issue poses no security threat to users but could
create an annoyance when browsing a site that allows
users to post arbitrary images. (MFSA 2010-23 /
CVE-2010-0181)

- Mozilla community member Wladimir Palant reported that
XML documents were failing to call certain security
checks when loading new content. This could result in
certain resources being loaded that would otherwise
violate security policies set by the browser or
installed add-ons. (MFSA 2010-24 / CVE-2010-0182)

See also :

http://www.mozilla.org/security/announce/2010/mfsa2010-16.html
http://www.mozilla.org/security/announce/2010/mfsa2010-17.html
http://www.mozilla.org/security/announce/2010/mfsa2010-18.html
http://www.mozilla.org/security/announce/2010/mfsa2010-19.html
http://www.mozilla.org/security/announce/2010/mfsa2010-20.html
http://www.mozilla.org/security/announce/2010/mfsa2010-21.html
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.mozilla.org/security/announce/2010/mfsa2010-23.html
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
https://bugzilla.novell.com/show_bug.cgi?id=586567
http://support.novell.com/security/cve/CVE-2009-3555.html
http://support.novell.com/security/cve/CVE-2010-0173.html
http://support.novell.com/security/cve/CVE-2010-0174.html
http://support.novell.com/security/cve/CVE-2010-0175.html
http://support.novell.com/security/cve/CVE-2010-0176.html
http://support.novell.com/security/cve/CVE-2010-0177.html
http://support.novell.com/security/cve/CVE-2010-0178.html
http://support.novell.com/security/cve/CVE-2010-0179.html
http://support.novell.com/security/cve/CVE-2010-0181.html
http://support.novell.com/security/cve/CVE-2010-0182.html

Solution :

Apply SAT patch number 2255.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now