openSUSE Security Update : MozillaFirefox (MozillaFirefox-1780)

Medium Nessus Plugin ID 44358

Synopsis

The remote openSUSE host is missing a security update.

Description

Mozilla Firefox was upgraded to 3.0.17 fixing some bugs and regressions.

CVE-2010-0220: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted website that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.

Solution

Update the affected MozillaFirefox packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=568011

Plugin Details

Severity: Medium

ID: 44358

File Name: suse_11_0_MozillaFirefox-100111.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2010/02/02

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-translations, p-cpe:/a:novell:opensuse:mozilla-xulrunner190, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit, cpe:/o:novell:opensuse:11.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2010/01/11

Reference Information

CVE: CVE-2010-0220

CWE: 399