Test ID: 1.3.6.1.4.1.25623.1.0.850171
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory for MozillaFirefox, MozillaThunderbird, seamonkey (SUSE-SA:2011:037)
Summary: The remote host is missing an update for the 'MozillaFirefox, MozillaThunderbird, seamonkey' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
Mozilla released a round of security updates.

Mozilla Firefox was updated to version 6 on openSUSE 11.4 and to
version 3.6.20 on openSUSE 11.3 and SUSE Linux Enterprise 10 and 11.
Seamonkey was updated to 2.3 on openSUSE 11.3 and 11.4.
Mozilla Thunderbird was updated to 3.1.2 on openSUSE 11.3 and 11.4.
Mozilla XULRunner was updated to 1.9.2.20.

The updates bring new features, fix bugs and security issues.

* Miscellaneous memory safety hazards:

Mozilla identified and fixed several memory safety bugs in the
browser engine used in Firefox 4, Firefox 5 and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code.

Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety
issues which affected Thunderbird 3.1. CVE-2011-2982

Aral Yaman reported a WebGL crash which affected Firefox 4 and
Firefox 5. CVE-2011-2989

Vivekanand Bolajwar reported a JavaScript crash which affected
Firefox 4 and Firefox 5. CVE-2011-2991

Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the
OGG reader which affected Firefox 4 and Firefox 5. CVE-2011-2992

Mozilla developers and community members Robert Kaiser, Jesse
Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn
Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory
safety issues which affected Firefox 4 and Firefox 5. CVE-2011-2985

* Unsigned scripts can call script inside signed JAR

Rafael Gieschke reported that unsigned JavaScript could call into
script inside a signed JAR thereby inheriting the identity of the
site that signed the JAR as well as any permissions that a user
had granted the signed JAR. CVE-2011-2993

* String crash using WebGL shaders

Michael Jordon of Context IS reported that an overly long shader
program could cause a buffer overrun and crash in a string class
used to store the shader source code. CVE-2011-2988

* Heap overflow in ANGLE library

Michael Jordon of Context IS reported a potentially exploitable heap
overf ...

Description truncated, please see the referenced URL(s) for more information.

Vulnerability Impact:
remote code execution

Affected Software/OS:
MozillaFirefox, MozillaThunderbird, seamonkey on openSUSE 11.3, openSUSE 11.4

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0084
Debian Security Information: DSA-2295
http://www.debian.org/security/2011/dsa-2295
Debian Security Information: DSA-2296
http://www.debian.org/security/2011/dsa-2296
Debian Security Information: DSA-2297
http://www.debian.org/security/2011/dsa-2297
http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14502
http://www.redhat.com/support/errata/RHSA-2011-1164.html
http://www.redhat.com/support/errata/RHSA-2011-1166.html
SuSE Security Announcement: SUSE-SA:2011:037
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
SuSE Security Announcement: SUSE-SU-2011:0967
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14163
Common Vulnerability Exposure (CVE) ID: CVE-2011-2980
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14436
Common Vulnerability Exposure (CVE) ID: CVE-2011-2981
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14512
Common Vulnerability Exposure (CVE) ID: CVE-2011-2982
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14294
http://www.redhat.com/support/errata/RHSA-2011-1165.html
http://www.redhat.com/support/errata/RHSA-2011-1167.html
http://www.securitytracker.com/id?1025940
Common Vulnerability Exposure (CVE) ID: CVE-2011-2983
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14272
Common Vulnerability Exposure (CVE) ID: CVE-2011-2984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14358
Common Vulnerability Exposure (CVE) ID: CVE-2011-2985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14440
http://secunia.com/advisories/49055
Common Vulnerability Exposure (CVE) ID: CVE-2011-2986
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14497
Common Vulnerability Exposure (CVE) ID: CVE-2011-2987
BugTraq ID: 49226
http://www.securityfocus.com/bid/49226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14285
Common Vulnerability Exposure (CVE) ID: CVE-2011-2988
BugTraq ID: 49242
http://www.securityfocus.com/bid/49242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14270
Common Vulnerability Exposure (CVE) ID: CVE-2011-2989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14528
Common Vulnerability Exposure (CVE) ID: CVE-2011-2990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14458
Common Vulnerability Exposure (CVE) ID: CVE-2011-2991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14303
Common Vulnerability Exposure (CVE) ID: CVE-2011-2992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14209
Common Vulnerability Exposure (CVE) ID: CVE-2011-2993
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14055
Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2022 E-Soft Inc. All rights reserved.