openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1345-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Mozilla suite received the following security updates (bnc#783533) :

Mozilla Firefox was updated to 16.0.1. Mozilla SeaMonkey was
updated to 2.13.1. Mozilla Thunderbird was updated to
16.0.1. Mozilla XULRunner was updated to 16.0.1.

- MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous
memory safety hazards

- MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952,
bmo#720619) defaultValue security checks not applied

- MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous
memory safety hazards

- MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element
persistence allows for attacks

- MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access
to initial origin after setting document.domain

- MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some
DOMWindowUtils methods bypass security checks

- MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash
with full screen and history navigation

- MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with
invalid cast when using instanceof operator

- MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty
function can bypass security checks

- MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and
location property accessible by plugins

- MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101,
bmo#780370) Chrome Object Wrapper (COW) does not
disallow access to privileged functions or properties

- MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and
script injection through location.hash

- MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read
issues found using Address Sanitizer

- MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188 Heap memory corruption issues found using
Address Sanitizer

- MFSA 2012-87/CVE-2012-3990 (bmo#787704)

See also :

http://lists.opensuse.org/opensuse-updates/2012-10/msg00054.html
https://bugzilla.novell.com/show_bug.cgi?id=783533

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true