Mandriva Linux Security Advisory : mozilla (MDVSA-2011:111)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Security issues were identified and fixed in mozilla firefox and
thunderbird :

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative two instances of code which modifies SVG element lists
failed to account for changes made to the list by user-supplied
callbacks before accessing list elements. If a user-supplied callback
deleted such an object, the element-modifying code could wind up
accessing deleted memory and potentially executing attacker-controlled
memory. regenrecht also reported via TippingPoint's Zero Day
Initiative that a XUL document could force the nsXULCommandDispatcher
to remove all command updaters from the queue, including the one
currently in use. This could result in the execution of deleted memory
which an attacker could use to run arbitrary code on a victim's
computer (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363).

Mozilla security researcher David Chan reported that cookies set for
example.com. (note the trailing dot) and example.com were treated as
interchangeable. This is a violation of same-origin conventions and
could potentially lead to leakage of cookie data to the wrong party
(CVE-2011-2362).

Mozilla developers identified and fixed several memory safety bugs in
the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of
these could be exploited to run arbitrary code (CVE-2011-2364,
CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376).

Security researchers Chris Rohlf and Yan Ivnitskiy of Matasano
Security reported that when a JavaScript Array object had its length
set to an extremely large value, the iteration of array elements that
occurs when its reduceRight method was subsequently called could
result in the execution of attacker controlled memory due to an
invalid index value being used to access element properties
(CVE-2011-2371).

Security researcher Martin Barbella reported that under certain
conditions, viewing a XUL document while JavaScript was disabled
caused deleted memory to be accessed. This flaw could potentially be
used by an attacker to crash a victim's browser and run arbitrary code
on their computer (CVE-2011-2373).

Security researcher Jordi Chancel reported a crash on
multipart/x-mixed-replace images due to memory corruption
(CVE-2011-2377).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?5694f54a
http://www.mozillamessaging.com/en-US/thunderbird/3.1.11/releasenotes/

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now