SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)

High Nessus Plugin ID 31722

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update brings Mozilla Firefox to security update version 2.0.0.13.

The following security problems were fixed:

- XUL popup spoofing variant (cross-tab popups). (MFSA 2008-19 / CVE-2008-1241)

- Java socket connection to any local port via LiveConnect. (MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240)

- Privacy issue with SSL Client Authentication. (MFSA 2008-17 / CVE-2007-4879)

- HTTP Referrer spoofing with malformed URLs. (MFSA 2008-16 / CVE-2008-1238)

- Crashes with evidence of memory corruption (rv:1.8.1.13). (MFSA 2008-15 / CVE-2008-1236 / CVE-2008-1237)

- JavaScript privilege escalation and arbitrary code execution. (MFSA 2008-14 / CVE-2008-1233 / CVE-2008-1234 / CVE-2008-1235)

Solution

Apply ZYPP patch number 5134.

See Also

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

http://www.mozilla.org/security/announce/2008/mfsa2008-15.html

http://www.mozilla.org/security/announce/2008/mfsa2008-16.html

http://www.mozilla.org/security/announce/2008/mfsa2008-17.html

http://www.mozilla.org/security/announce/2008/mfsa2008-18.html

http://www.mozilla.org/security/announce/2008/mfsa2008-19.html

http://support.novell.com/security/cve/CVE-2007-4879.html

http://support.novell.com/security/cve/CVE-2008-1195.html

http://support.novell.com/security/cve/CVE-2008-1233.html

http://support.novell.com/security/cve/CVE-2008-1234.html

http://support.novell.com/security/cve/CVE-2008-1235.html

http://support.novell.com/security/cve/CVE-2008-1236.html

http://support.novell.com/security/cve/CVE-2008-1237.html

http://support.novell.com/security/cve/CVE-2008-1238.html

http://support.novell.com/security/cve/CVE-2008-1240.html

http://support.novell.com/security/cve/CVE-2008-1241.html

Plugin Details

Severity: High

ID: 31722

File Name: suse_MozillaFirefox-5134.nasl

Version: 1.17

Type: local

Agent: unix

Published: 2008/04/01

Updated: 2016/12/22

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2008/03/27

Reference Information

CVE: CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241

CWE: 59, 79, 94, 287, 399