Test ID:	1.3.6.1.4.1.25623.1.0.62995
Category:	SuSE Local Security Checks
Title:	SuSE Security Advisory SUSE-SA:2008:050 (MozillaFirefox,MozillaThunderbird,seamonkey,mozilla)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory SUSE-SA:2008:050. The Mozilla suite of programs was updated to fix various security problems and bugs. MozillaFirefox 2.0.0.* were updated to version 2.0.0.17. MozillaFirefox 3.0.1 was updated to version 3.0.3. (openSUSE 11.0) MozillaThunderbird was updated to version 2.0.0.17. seamonkey was updated to version 1.1.12. Older browser versions have received backported fixes. Packages have been released over the last 2 weeks. Security problems fixed: MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before execution CVE-2008-4065: Stripped BOM characters bug CVE-2008-4066: HTML escaped low surrogates bug MFSA 2008-42 Crashes with evidence of memory corruption CVE-2008-4061: Jesse Ruderman reported a crash in the layout engine. CVE-2008-4062: Igor Bukanov, Philip Taylor, Georgi Guninski, and Antoine Labour reported crashes in the JavaScript engine. CVE-2008-4063: Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the layout engine which only affected Firefox 3. CVE-2008-4064: David Maciejak and Drew Yao reported crashes in graphics rendering which only affected Firefox 3. MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution CVE-2008-4058: XPCnativeWrapper pollution bugs CVE-2008-4059: XPCnativeWrapper pollution (Firefox 2) CVE-2008-4060: Documents without script handling objects MFSA 2008-40 / CVE-2008-3837: Forced mouse drag MFSA 2008-39 / CVE-2008-3836: Privilege escalation using feed preview page and XSS flaw MFSA 2008-38 / CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 / CVE-2008-0016: UTF-8 URL stack buffer overflow For more details: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html http://www.mozilla.org/security/known-vulnerabilities/firefox20.html http://www.mozilla.org/security/known-vulnerabilities/firefox30.html Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2008:050 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0016 BugTraq ID: 31397 http://www.securityfocus.com/bid/31397 Debian Security Information: DSA-1649 (Google Search) http://www.debian.org/security/2008/dsa-1649 Debian Security Information: DSA-1669 (Google Search) http://www.debian.org/security/2008/dsa-1669 Debian Security Information: DSA-1696 (Google Search) http://www.debian.org/security/2009/dsa-1696 Debian Security Information: DSA-1697 (Google Search) http://www.debian.org/security/2009/dsa-1697 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:205 http://www.mandriva.com/security/advisories?name=MDVSA-2008:206 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11579 http://www.redhat.com/support/errata/RHSA-2008-0882.html http://www.redhat.com/support/errata/RHSA-2008-0908.html http://www.securitytracker.com/id?1020913 http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32092 http://secunia.com/advisories/32144 http://secunia.com/advisories/32185 http://secunia.com/advisories/32196 http://secunia.com/advisories/32845 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com/advisories/34501 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 SuSE Security Announcement: SUSE-SA:2008:050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://www.ubuntu.com/usn/usn-645-1 http://www.ubuntu.com/usn/usn-645-2 http://www.vupen.com/english/advisories/2008/2661 http://www.vupen.com/english/advisories/2009/0977 Common Vulnerability Exposure (CVE) ID: CVE-2008-3835 1020919 http://www.securitytracker.com/id?1020919 256408 31346 http://www.securityfocus.com/bid/31346 31984 31985 32007 http://secunia.com/advisories/32007 32010 32012 32025 http://secunia.com/advisories/32025 32042 32044 32082 32092 32144 32185 32196 32845 33433 33434 34501 ADV-2008-2661 ADV-2009-0977 DSA-1649 DSA-1669 DSA-1696 DSA-1697 FEDORA-2008-8401 FEDORA-2008-8429 MDVSA-2008:205 MDVSA-2008:206 RHSA-2008:0882 RHSA-2008:0908 SSA:2008-269-01 SSA:2008-269-02 SSA:2008-270-01 SUSE-SA:2008:050 USN-645-1 USN-645-2 USN-647-1 http://www.ubuntu.com/usn/usn-647-1 firefox-onchannelredirect-security-bypass(45347) https://exchange.xforce.ibmcloud.com/vulnerabilities/45347 http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://www.mozilla.org/security/announce/2008/mfsa2008-38.html https://bugzilla.mozilla.org/show_bug.cgi?id=439034 oval:org.mitre.oval:def:9643 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643 Common Vulnerability Exposure (CVE) ID: CVE-2008-3836 1020914 http://www.securitytracker.com/id?1020914 firefox-feedwriter-code-execution(45350) https://exchange.xforce.ibmcloud.com/vulnerabilities/45350 http://www.mozilla.org/security/announce/2008/mfsa2008-39.html https://bugzilla.mozilla.org/show_bug.cgi?id=360529 https://bugzilla.mozilla.org/show_bug.cgi?id=430658 Common Vulnerability Exposure (CVE) ID: CVE-2008-3837 1020922 http://www.securitytracker.com/id?1020922 31987 http://secunia.com/advisories/31987 32011 http://secunia.com/advisories/32011 32089 http://secunia.com/advisories/32089 32095 http://secunia.com/advisories/32095 32096 http://secunia.com/advisories/32096 FEDORA-2008-8425 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html RHSA-2008:0879 http://www.redhat.com/support/errata/RHSA-2008-0879.html firefox-draganddrop-weak-security(45348) https://exchange.xforce.ibmcloud.com/vulnerabilities/45348 http://www.mozilla.org/security/announce/2008/mfsa2008-40.html https://bugzilla.mozilla.org/show_bug.cgi?id=329385 oval:org.mitre.oval:def:9950 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9950 Common Vulnerability Exposure (CVE) ID: CVE-2008-4058 1020915 http://www.securitytracker.com/id?1020915 firefox3-xpcnativewrappers-code-execution(45349) https://exchange.xforce.ibmcloud.com/vulnerabilities/45349 http://www.mozilla.org/security/announce/2008/mfsa2008-41.html https://bugzilla.mozilla.org/show_bug.cgi?id=444075 https://bugzilla.mozilla.org/show_bug.cgi?id=444077 oval:org.mitre.oval:def:9679 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679 Common Vulnerability Exposure (CVE) ID: CVE-2008-4059 firefox2-xpcnativewrappers-code-execution(45352) https://exchange.xforce.ibmcloud.com/vulnerabilities/45352 https://bugzilla.mozilla.org/show_bug.cgi?id=419848 oval:org.mitre.oval:def:9529 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529 Common Vulnerability Exposure (CVE) ID: CVE-2008-4060 firefox-xslt-code-execution(45353) https://exchange.xforce.ibmcloud.com/vulnerabilities/45353 https://bugzilla.mozilla.org/show_bug.cgi?id=448548 https://bugzilla.mozilla.org/show_bug.cgi?id=451037 oval:org.mitre.oval:def:11607 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11607 Common Vulnerability Exposure (CVE) ID: CVE-2008-4061 1020916 http://www.securitytracker.com/id?1020916 http://www.mozilla.org/security/announce/2008/mfsa2008-42.html https://bugzilla.mozilla.org/show_bug.cgi?id=443089 multiple-mozilla-layout-code-execution(45351) https://exchange.xforce.ibmcloud.com/vulnerabilities/45351 oval:org.mitre.oval:def:10794 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10794 Common Vulnerability Exposure (CVE) ID: CVE-2008-4062 https://bugzilla.mozilla.org/show_bug.cgi?id=367736 https://bugzilla.mozilla.org/show_bug.cgi?id=444608 https://bugzilla.mozilla.org/show_bug.cgi?id=445229 multiple-mozilla-javascript-code-execution(45355) https://exchange.xforce.ibmcloud.com/vulnerabilities/45355 oval:org.mitre.oval:def:10206 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10206 Common Vulnerability Exposure (CVE) ID: CVE-2008-4063 https://bugzilla.mozilla.org/show_bug.cgi?id=413048 https://bugzilla.mozilla.org/show_bug.cgi?id=433758 https://bugzilla.mozilla.org/show_bug.cgi?id=444452 mozilla-firefox-layout-code-execution(45354) https://exchange.xforce.ibmcloud.com/vulnerabilities/45354 oval:org.mitre.oval:def:11151 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11151 Common Vulnerability Exposure (CVE) ID: CVE-2008-4064 firefox-imagegraphics-code-execution(45357) https://exchange.xforce.ibmcloud.com/vulnerabilities/45357 https://bugzilla.mozilla.org/show_bug.cgi?id=441368 https://bugzilla.mozilla.org/show_bug.cgi?id=441995 https://bugzilla.mozilla.org/show_bug.cgi?id=443693 oval:org.mitre.oval:def:11743 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11743 Common Vulnerability Exposure (CVE) ID: CVE-2008-4065 1020920 http://www.securitytracker.com/id?1020920 firefox-bom-security-bypass(45356) https://exchange.xforce.ibmcloud.com/vulnerabilities/45356 http://www.mozilla.org/security/announce/2008/mfsa2008-43.html https://bugzilla.mozilla.org/show_bug.cgi?id=430740 oval:org.mitre.oval:def:11383 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383 Common Vulnerability Exposure (CVE) ID: CVE-2008-4066 JVN#96950482 http://jvn.jp/en/jp/JVN96950482/index.html JVNDB-2011-000058 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html firefox-htmlparser-security-bypass(45358) https://exchange.xforce.ibmcloud.com/vulnerabilities/45358 http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/ https://bugzilla.mozilla.org/show_bug.cgi?id=448166 oval:org.mitre.oval:def:8880 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880 Common Vulnerability Exposure (CVE) ID: CVE-2008-4067 1020921 http://www.securitytracker.com/id?1020921 http://www.0x000000.com/?i=422 http://www.mozilla.org/security/announce/2008/mfsa2008-44.html https://bugzilla.mozilla.org/show_bug.cgi?id=380994 https://bugzilla.mozilla.org/show_bug.cgi?id=394075 mozilla-protocol-directory-traversal(45359) https://exchange.xforce.ibmcloud.com/vulnerabilities/45359 oval:org.mitre.oval:def:10770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10770 Common Vulnerability Exposure (CVE) ID: CVE-2008-4068 mozilla-resourceprotocol-info-disclosure(45360) https://exchange.xforce.ibmcloud.com/vulnerabilities/45360 oval:org.mitre.oval:def:11471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11471 Common Vulnerability Exposure (CVE) ID: CVE-2008-4069 1020923 http://www.securitytracker.com/id?1020923 firefox-xbmdecoder-information-disclosure(45361) https://exchange.xforce.ibmcloud.com/vulnerabilities/45361 http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt http://www.mozilla.org/security/announce/2008/mfsa2008-45.html https://bugzilla.mozilla.org/show_bug.cgi?id=449703 oval:org.mitre.oval:def:11000 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11000 Common Vulnerability Exposure (CVE) ID: CVE-2008-4070 1020948 http://www.securitytracker.com/id?1020948 31411 http://www.securityfocus.com/bid/31411 http://www.mozilla.org/security/announce/2008/mfsa2008-46.html https://bugzilla.mozilla.org/show_bug.cgi?id=425152 mozilla-newsgroupmessage-bo(45426) https://exchange.xforce.ibmcloud.com/vulnerabilities/45426 oval:org.mitre.oval:def:10933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10933
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.