SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 4804)

Critical Nessus Plugin ID 55483


The remote SuSE 11 host is missing one or more security updates.


Mozilla Firefox was updated to the 3.6.18 security release.

- Miscellaneous memory safety hazards. (MFSA 2011-19 / CVE-2011-2374 / CVE-2011-2376 / CVE-2011-2364 / CVE-2011-2365)

- (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled. (MFSA 2011-20 / CVE-2011-2373)

- (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images. (MFSA 2011-21 / CVE-2011-2377)

- (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight(). (MFSA 2011-22 / CVE-2011-2371)

- Multiple dangling pointer vulnerabilities. (MFSA 2011-23 / CVE-2011-0083 / CVE-2011-0085 / CVE-2011-2363)

- (bmo#616264) Cookie isolation error. (MFSA 2011-24 / CVE-2011-2362)


Apply SAT patch number 4804.

See Also

Plugin Details

Severity: Critical

ID: 55483

File Name: suse_11_MozillaFirefox-110628.nasl

Version: $Revision: 1.10 $

Type: local

Agent: unix

Published: 2011/07/01

Modified: 2013/11/27

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:MozillaFirefox, p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations, p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192, p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome, p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-gnome-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations, p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner192-translations-32bit, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/28

Exploitable With


Metasploit (Mozilla Firefox Array.reduceRight() Integer Overflow)

Reference Information

CVE: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376, CVE-2011-2377