SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6733)

high Nessus Plugin ID 43397

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues.

The following issues were fixed :

- Crashes with evidence of memory corruption (rv:1.9.1.6).
(MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982)

- (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388)

- (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389)

- (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983)

- (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985)

- (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)

Solution

Apply ZYPP patch number 6733.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2009-65/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-66/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-67/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-68/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-69/

https://www.mozilla.org/en-US/security/advisories/mfsa2009-70/

http://support.novell.com/security/cve/CVE-2009-3388.html

http://support.novell.com/security/cve/CVE-2009-3389.html

http://support.novell.com/security/cve/CVE-2009-3979.html

http://support.novell.com/security/cve/CVE-2009-3980.html

http://support.novell.com/security/cve/CVE-2009-3982.html

http://support.novell.com/security/cve/CVE-2009-3983.html

http://support.novell.com/security/cve/CVE-2009-3984.html

http://support.novell.com/security/cve/CVE-2009-3985.html

http://support.novell.com/security/cve/CVE-2009-3986.html

Plugin Details

Severity: High

ID: 43397

File Name: suse_MozillaFirefox-6733.nasl

Version: 1.16

Type: local

Agent: unix

Published: 12/23/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/17/2009

Vulnerability Publication Date: 12/17/2009

Reference Information

CVE: CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986

CWE: 189, 399, 94