openSUSE Security Update : MozillaFirefox (MozillaFirefox-1000)

high Nessus Plugin ID 39891

Synopsis

The remote openSUSE host is missing a security update.

Description

The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues :

- MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11)

- MFSA 2009-25/CVE-2009-1834 (bmo#479413) URL spoofing with invalid unicode characters

- MFSA 2009-26/CVE-2009-1835 (bmo#491801) Arbitrary domain cookie access by local file: resources

- MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests

- MFSA 2009-28/CVE-2009-1837 (bmo#486269) Race condition while accessing the private data of a NPObject JS wrapper class object

- MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null

- MFSA 2009-30/CVE-2009-1839 (bmo#479943) Incorrect principal set for file: resources loaded via location bar

- MFSA 2009-31/CVE-2009-1840 (bmo#477979) XUL scripts bypass content-policy checks

- MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation

Solution

Update the affected MozillaFirefox packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=505563

Plugin Details

Severity: High

ID: 39891

File Name: suse_11_0_MozillaFirefox-090615.nasl

Version: 1.16

Type: local

Agent: unix

Published: 7/21/2009

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:mozillafirefox-translations, p-cpe:/a:novell:opensuse:mozilla-xulrunner190, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations, p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit, cpe:/o:novell:opensuse:11.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 6/15/2009

Reference Information

CVE: CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841

CWE: 20, 200, 264, 287, 362, 94