Synopsis
The remote SuSE 11 host is missing one or more security updates.
Description
Mozilla Firefox has been updated to the 17.0.7 ESR version, fixing bugs and security fixes.
- Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-49)
Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682)
- Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software.
Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. (MFSA 2013-50)
- Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITab le. (CVE-2013-1684)
- Heap-use-after-free in nsIDocument::GetRootElement.
(CVE-2013-1685)
- Heap-use-after-free in mozilla::ResetDir.
(CVE-2013-1686)
- Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. (MFSA 2013-51 / CVE-2013-1687)
- Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. (MFSA 2013-53 / CVE-2013-1690)
- Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.
(MFSA 2013-54 / CVE-2013-1692)
- Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. (MFSA 2013-55 / CVE-2013-1693)
- Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. (MFSA 2013-59 / CVE-2013-1697)
Solution
Apply SAT patch number 7976.
Plugin Details
File Name: suse_11_firefox-20130628-130628.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:mozillafirefox, p-cpe:/a:novell:suse_linux:11:mozillafirefox-branding-sled, p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 6/28/2013
CISA Known Exploited Vulnerability Due Dates: 4/18/2022
Exploitable With
Metasploit (Firefox onreadystatechange Event DocumentViewerImpl Use After Free)