SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088)

Critical Nessus Plugin ID 29355

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This security update brings Mozilla Firefox to version 1.5.0.7.

More details can be found on:
http://www.mozilla.org/projects/security/known-vulnerabiliti es.html

It includes fixes to the following security problems :

- Crashes with evidence of memory corruption MFSA 2006-63 / CVE-2006-4570: JavaScript execution in mail via XBL MFSA 2006-62 / CVE-2006-4569: Popup-blocker cross-site scripting (XSS) MFSA 2006-61 / CVE-2006-4568: Frame spoofing using document.open() MFSA 2006-60 / CVE-2006-4340/CERT VU#845620: RSA Signature Forgery MFSA 2006-59 / CVE-2006-4253: Concurrency-related vulnerability MFSA 2006-58 / CVE-2006-4567: Auto-Update compromise through DNS and SSL spoofing MFSA 2006-57 / CVE-2006-4565 / CVE-2006-4566: JavaScript Regular Expression Heap Corruption. (MFSA 2006-64 / CVE-2006-4571)

Solution

Apply ZYPP patch number 2088.

See Also

http://www.mozilla.org/security/announce/2006/mfsa2006-58.html

http://www.mozilla.org/security/announce/2006/mfsa2006-59.html

http://www.mozilla.org/security/announce/2006/mfsa2006-61.html

http://www.mozilla.org/security/announce/2006/mfsa2006-62.html

http://www.mozilla.org/security/announce/2006/mfsa2006-63.html

http://support.novell.com/security/cve/CVE-2006-4253.html

http://support.novell.com/security/cve/CVE-2006-4340.html

http://support.novell.com/security/cve/CVE-2006-4565.html

http://support.novell.com/security/cve/CVE-2006-4566.html

http://support.novell.com/security/cve/CVE-2006-4567.html

http://support.novell.com/security/cve/CVE-2006-4568.html

http://support.novell.com/security/cve/CVE-2006-4569.html

http://support.novell.com/security/cve/CVE-2006-4570.html

http://support.novell.com/security/cve/CVE-2006-4571.html

Plugin Details

Severity: Critical

ID: 29355

File Name: suse_MozillaFirefox-2088.nasl

Version: Revision: 1.15

Type: local

Agent: unix

Published: 2007/12/13

Updated: 2016/12/22

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2006/09/18

Reference Information

CVE: CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4570, CVE-2006-4571

CERT: 845620

CWE: 20, 79, 119, 264