| Description: | Summary:
The remote host is missing an update for the 'MozillaFirefox, MozillaThunderbird, seamonkey'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Mozilla released a round of security updates.
Mozilla Firefox was updated to version 6 on openSUSE 11.4,
Mozilla Firefox was updated to version 3.6.20 on openSUSE 11.3 and
SUSE Linux Enterprise 10 and 11.
Seamonkey was updated to 2.3 on openSUSE 11.3, 11.4
Mozilla Thunderbird was updated to 3.1.2 on openSUSE 11.3, 11.4.
Mozilla XULRunner was updated to 1.9.2.20.
The updates bring new features, fix bugs and security issues.
* Miscellaneous memory safety hazards:
Mozilla identified and fixed several memory safety bugs in the
browser engine used in Firefox 4, Firefox 5 and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.
Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety
issues which affected Thunderbird 3.1. CVE-2011-2982
Aral Yaman reported a WebGL crash which affected Firefox 4 and
Firefox 5. CVE-2011-2989
Vivekanand Bolajwar reported a JavaScript crash which affected
Firefox 4 and Firefox 5. CVE-2011-2991
Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the
OGG reader which affected Firefox 4 and Firefox 5. CVE-2011-2992
Mozilla developers and community members Robert Kaiser, Jesse
Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn
Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory
safety issues which affected Firefox 4 and Firefox 5. CVE-2011-2985
* Unsigned scripts can call script inside signed JAR
Rafael Gieschke reported that unsigned JavaScript could call into
script inside a signed JAR thereby inheriting the identity of the
site that signed the JAR as well as any permissions that a user
had granted the signed JAR. CVE-2011-2993
* String crash using WebGL shaders
Michael Jordon of Context IS reported that an overly long shader
program could cause a buffer overrun and crash in a string class
used to store the shader source code. CVE-2011-2988
* Heap overflow in ANGLE library
Michael Jordon of Context IS reported a potentially exploitable heap
overf ...
Description truncated, please see the referenced URL(s) for more information.
Vulnerability Impact:
remote code execution
Affected Software/OS:
MozillaFirefox, MozillaThunderbird, seamonkey on openSUSE 11.3, openSUSE 11.4
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
