SuSE 10 Security Update : epiphany (ZYPP Patch Number 5118)

High Nessus Plugin ID 31696

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update of the Mozilla XULRunner engine catches up on all previous security problems found in the XULRunner engine.

Following security problems were fixed :

- Web forgery overwrite with div overlay. (MFSA 2008-11 / CVE-2008-0594)

- URL token stealing via stylesheet redirect. (MFSA 2008-10 / CVE-2008-0593)

- Mishandling of locally-saved plain text files. (MFSA 2008-09 / CVE-2008-0592)

- File action dialog tampering. (MFSA 2008-08 / CVE-2008-0591)

- Web browsing history and forward navigation stealing.
(MFSA 2008-06 / CVE-2008-0419)

- Directory traversal via chrome: URI. (MFSA 2008-05 / CVE-2008-0418)

- Stored password corruption. (MFSA 2008-04 / CVE-2008-0417)

- Privilege escalation, XSS, Remote Code Execution. (MFSA 2008-03 / CVE-2008-0415)

- Multiple file input focus stealing vulnerabilities.
(MFSA 2008-02 / CVE-2008-0414)

- Crashes with evidence of memory corruption (rv:1.8.1.12). (MFSA 2008-01 / CVE-2008-0412)

Solution

Apply ZYPP patch number 5118.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-04/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-08/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-11/

http://support.novell.com/security/cve/CVE-2008-0412.html

http://support.novell.com/security/cve/CVE-2008-0414.html

http://support.novell.com/security/cve/CVE-2008-0415.html

http://support.novell.com/security/cve/CVE-2008-0417.html

http://support.novell.com/security/cve/CVE-2008-0418.html

http://support.novell.com/security/cve/CVE-2008-0419.html

http://support.novell.com/security/cve/CVE-2008-0591.html

http://support.novell.com/security/cve/CVE-2008-0592.html

http://support.novell.com/security/cve/CVE-2008-0593.html

http://support.novell.com/security/cve/CVE-2008-0594.html

Plugin Details

Severity: High

ID: 31696

File Name: suse_mozilla-xulrunner-5118.nasl

Version: 1.19

Type: local

Agent: unix

Published: 2008/03/28

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2008/03/22

Vulnerability Publication Date: 2008/02/08

Reference Information

CVE: CVE-2008-0412, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594

CWE: 20, 22, 79, 94, 200, 399