SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)

high Nessus Plugin ID 31722

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update brings Mozilla Firefox to security update version 2.0.0.13

Following security problems were fixed :

- XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)

- Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)

- Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)

- HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)

- Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)

- JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)

Solution

Apply ZYPP patch number 5134.

See Also

http://support.novell.com/security/cve/CVE-2008-1234.html

http://support.novell.com/security/cve/CVE-2008-1235.html

http://support.novell.com/security/cve/CVE-2008-1236.html

http://support.novell.com/security/cve/CVE-2008-1237.html

http://support.novell.com/security/cve/CVE-2008-1238.html

http://support.novell.com/security/cve/CVE-2008-1240.html

http://support.novell.com/security/cve/CVE-2008-1241.html

https://www.mozilla.org/en-US/security/advisories/mfsa2008-14/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2008-19/

http://support.novell.com/security/cve/CVE-2007-4879.html

http://support.novell.com/security/cve/CVE-2008-1195.html

http://support.novell.com/security/cve/CVE-2008-1233.html

Plugin Details

Severity: High

ID: 31722

File Name: suse_MozillaFirefox-5134.nasl

Version: 1.21

Type: local

Agent: unix

Published: 4/1/2008

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/27/2008

Vulnerability Publication Date: 9/13/2007

Reference Information

CVE: CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241

CWE: 287, 399, 59, 79, 94