openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)

High Nessus Plugin ID 40174


The remote openSUSE host is missing a security update.


The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues :

- MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:

- MFSA 2009-25/CVE-2009-1834 (bmo#479413) URL spoofing with invalid unicode characters

- MFSA 2009-26/CVE-2009-1835 (bmo#491801) Arbitrary domain cookie access by local file: resources

- MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests

- MFSA 2009-28/CVE-2009-1837 (bmo#486269) Race condition while accessing the private data of a NPObject JS wrapper class object

- MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null

- MFSA 2009-30/CVE-2009-1839 (bmo#479943) Incorrect principal set for file: resources loaded via location bar

- MFSA 2009-31/CVE-2009-1840 (bmo#477979) XUL scripts bypass content-policy checks

- MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation


Update the affected MozillaFirefox packages.

See Also

Plugin Details

Severity: High

ID: 40174

File Name: suse_11_1_MozillaFirefox-090615.nasl

Version: $Revision: 1.13 $

Type: local

Agent: unix

Published: 2009/07/21

Modified: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-translations, p-cpe:/a:novell:opensuse:mozilla-xulrunner190, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit, p-cpe:/a:novell:opensuse:python-xpcom190, cpe:/o:novell:opensuse:11.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2009/06/15

Reference Information

CVE: CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841

CWE: 20, 94, 200, 264, 287, 362