Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox_web1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Off-by-one error in the OpenType Sanitizer in Google
Chrome before 18.0.1025.142 allows remote attackers to
cause a denial of service or possibly have unspecified
other impact via a crafted OpenType file.
(CVE-2011-3062)

- Multiple unspecified vulnerabilities in the browser
engine in Mozilla Firefox 4.x through 11.0, Firefox ESR
10.x before 10.0.4, Thunderbird 5.0 through 11.0,
Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before
2.9 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors.
(CVE-2012-0467)

- The browser engine in Mozilla Firefox 4.x through 11.0,
Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9
allows remote attackers to cause a denial of service
(assertion failure and memory corruption) or possibly
execute arbitrary code via vectors related to jsval.h
and the js::array_shift function. (CVE-2012-0468)

- Use-after-free vulnerability in the
mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace
function in Mozilla Firefox 4.x through 11.0,
Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 allows remote attackers to execute arbitrary
code via vectors related to crafted IndexedDB data.
(CVE-2012-0469)

- Heap-based buffer overflow in the
nsSVGFEDiffuseLightingElement::LightPixel function in
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird
ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows
remote attackers to cause a denial of service (invalid
gfxImageSurface free operation) or possibly execute
arbitrary code by leveraging the use of 'different
number systems.' (CVE-2012-0470)

- Cross-site scripting (XSS) vulnerability in Mozilla
Firefox 4.x through 11.0, Firefox ESR 10.x before
10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR
10.x before 10.0.4, and SeaMonkey before 2.9 allows
remote attackers to inject arbitrary web script or HTML
via a multibyte character set. (CVE-2012-0471)

- The WebGLBuffer::FindMaxUshortElement function in
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird
ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls
the FindMaxElementInSubArray function with incorrect
template arguments, which allows remote attackers to
obtain sensitive information from video memory via a
crafted WebGL.drawElements call. (CVE-2012-0473)

- Cross-site scripting (XSS) vulnerability in the docshell
implementation in Mozilla Firefox 4.x through 11.0,
Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 allows remote attackers to inject arbitrary
web script or HTML via vectors related to
short-circuited page loads, aka 'Universal XSS (UXSS).'
(CVE-2012-0474)

- Multiple cross-site scripting (XSS) vulnerabilities in
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird
ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
remote attackers to inject arbitrary web script or HTML
via the (1) ISO-2022-KR or (2) ISO-2022-CN character
set. (CVE-2012-0477)

- The texImage2D implementation in the WebGL subsystem in
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird
ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does
not properly restrict JSVAL_TO_OBJECT casts, which might
allow remote attackers to execute arbitrary code via a
crafted web page. (CVE-2012-0478)

- Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird
ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
remote attackers to spoof the address bar via an https
URL for invalid (1) RSS or (2) Atom XML content.
(CVE-2012-0479)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?38d1eef9

Solution :

Upgrade to Solaris 11/11 SRU 9.5.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
