openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2)

critical Nessus Plugin ID 75950

Synopsis

The remote openSUSE host is missing a security update.

Description

Mozilla Firefox Version 9 fixes several security issues :

dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-55/CVE-2011-3658:
nsSVGValue out-of-bounds access dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes

Solution

Update the affected MozillaFirefox packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=737533

https://lists.opensuse.org/opensuse-updates/2012-02/msg00010.html

Plugin Details

Severity: Critical

ID: 75950

File Name: suse_11_4_MozillaFirefox-111221.nasl

Version: 1.11

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, p-cpe:/a:novell:opensuse:mozilla-js192, p-cpe:/a:novell:opensuse:mozilla-js192-32bit, p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js192-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner192, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-buildsymbols, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-debugsource, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-devel-debuginfo, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-gnome-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-common-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other, p-cpe:/a:novell:opensuse:mozilla-xulrunner192-translations-other-32bit, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/21/2011

Exploitable With

CANVAS (CANVAS)

Metasploit (Firefox nsSVGValue Out-of-Bounds Access Vulnerability)

Reference Information

CVE: CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665