SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

Mozilla Firefox has been updated to the 17.0.7 ESR version, which
fixes bugs and security fixes.

- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. (MFSA 2013-49)

Gary Kwong, Jesse Ruderman, and Andrew McCreight
reported memory safety problems and crashes that affect
Firefox ESR 17, and Firefox 21. (CVE-2013-1682)

- Security researcher Abhishek Arya (Inferno) of the
Google Chrome Security Team used the Address Sanitizer
tool to discover a series of use-after-free problems
rated critical as security issues in shipped software.
Some of these issues are potentially exploitable,
allowing for remote code execution. We would also like
to thank Abhishek for reporting additional
use-after-free and buffer overflow flaws in code
introduced during Firefox development. These were fixed
before general release. (MFSA 2013-50)

o Heap-use-after-free in
mozilla::dom::HTMLMediaElement::LookupMediaElementURITab
le (CVE-2013-1684) o Heap-use-after-free in
nsIDocument::GetRootElement (CVE-2013-1685) o
Heap-use-after-free in mozilla::ResetDir.
(CVE-2013-1686)

- Security researcher Mariusz Mlynski reported that it is
possible to compile a user-defined function in the XBL
scope of a specific element and then trigger an event
within this scope to run code. In some circumstances,
when this code is run, it can access content protected
by System Only Wrappers (SOW) and chrome-privileged
pages. This could potentially lead to arbitrary code
execution. Additionally, Chrome Object Wrappers (COW)
can be bypassed by web content to access privileged
methods, leading to a cross-site scripting (XSS) attack
from privileged pages. (MFSA 2013-51 / CVE-2013-1687)

- Security researcher Nils reported that specially crafted
web content using the onreadystatechange event and
reloading of pages could sometimes cause a crash when
unmapped memory is executed. This crash is potentially
exploitable. (MFSA 2013-53 / CVE-2013-1690)

- Security researcher Johnathan Kuskos reported that
Firefox is sending data in the body of XMLHttpRequest
(XHR) HEAD requests, which goes against the XHR
specification. This can potentially be used for
Cross-Site Request Forgery (CSRF) attacks against sites
which do not distinguish between HEAD and POST requests.
(MFSA 2013-54 / CVE-2013-1692)

- Security researcher Paul Stone of Context Information
Security discovered that timing differences in the
processing of SVG format images with filters could allow
for pixel values to be read. This could potentially
allow for text values to be read across domains, leading
to information disclosure. (MFSA 2013-55 /
CVE-2013-1693)

- Mozilla security researcher moz_bug_r_a4 reported that
XrayWrappers can be bypassed to call content-defined
toString and valueOf methods through DefaultValue. This
can lead to unexpected behavior when privileged code
acts on the incorrect values. (MFSA 2013-59 /
CVE-2013-1697)

See also :

http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
http://support.novell.com/security/cve/CVE-2013-1682.html
http://support.novell.com/security/cve/CVE-2013-1684.html
http://support.novell.com/security/cve/CVE-2013-1685.html
http://support.novell.com/security/cve/CVE-2013-1686.html
http://support.novell.com/security/cve/CVE-2013-1687.html
http://support.novell.com/security/cve/CVE-2013-1690.html
http://support.novell.com/security/cve/CVE-2013-1692.html
http://support.novell.com/security/cve/CVE-2013-1693.html
http://support.novell.com/security/cve/CVE-2013-1697.html

Solution :

Apply ZYPP patch number 8636.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 67198 ()

Bugtraq ID:

CVE ID: CVE-2013-1682
CVE-2013-1684
CVE-2013-1685
CVE-2013-1686
CVE-2013-1687
CVE-2013-1690
CVE-2013-1692
CVE-2013-1693
CVE-2013-1697

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now