Mandriva Linux Security Advisory : mozilla (MDVSA-2011:169)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Security issues were identified and fixed in mozilla NSS, firefox and
thunderbird :

22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd
certificate authority has been revoked from the root CA storage. This
was fixed with rootcerts-20111103.00 and nss-3.13. DigiCert Sdn. Bhd
is a Malaysian subordinate CA under Entrust and Verizon (GTE
CyberTrust). It bears no affiliation whatsoever with the US-based
corporation DigiCert, Inc., which is a member of Mozilla's root
program.

Untrusted search path vulnerability in Mozilla Network Security
Services (NSS) might allow local users to gain privileges via a Trojan
horse pkcs11.txt file in a top-level directory (CVE-2011-3640).

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0
through 7.0 allows remote attackers to inject arbitrary web script or
HTML via crafted text with Shift JIS encoding (CVE-2011-3648).

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird
before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript
files that contain many functions, which allows user-assisted remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly have unspecified other impact via a
crafted file that is accessed by debugging APIs, as demonstrated by
Firebug (CVE-2011-3650).

The following vulnerabilities affetst Mandriva Linux 2011 only :

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2011-3651).

The browser engine in Mozilla Firefox before 8.0 and Thunderbird
before 8.0 does not properly allocate memory, which allows remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unspecified
vectors (CVE-2011-3652).

The browser engine in Mozilla Firefox before 8.0 and Thunderbird
before 8.0 does not properly handle links from SVG mpath elements to
non-SVG elements, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors (CVE-2011-3654).

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0
perform access control without checking for use of the NoWaiverWrapper
wrapper, which allows remote attackers to gain privileges via a
crafted web site (CVE-2011-3655).

The following vulnerabilities affects Mandriva Enterpriser Server 5.2
and Mandriva Linux 2010.2 only :

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird
before 3.1.6 does not properly handle XPCNativeWrappers during calls
to the loadSubScript method in an add-on, which makes it easier for
remote attackers to gain privileges via a crafted web site that
leverages certain unwrapping behavior, a related issue to
CVE-2011-3004 (CVE-2011-3647).

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?71e2509a
http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now