
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.0220.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0220-1)
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2012:0220-1 advisory.
Description:

Vulnerability Insight:
This update provides Mozilla Firefox 10, which provides many fixes, security and feature enhancements.

For a detailed list, please have a look at [link moved to references] and [link moved to references].

The following security issues have been fixed in this update:

* Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-01, CVE-2012-0442, CVE-2012-0443)

* Alex Dvorov reported that an attacker could replace a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy. (MFSA 2012-03, CVE-2012-0445)

* Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remote code execution. (MFSA 2012-04, CVE-2011-3659)

* Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts. (MFSA 2012-05, CVE-2012-0446)

* Mozilla developer Tim Abraldes reported that when encoding images as image/vnd.microsoft.icon the resulting data was always a fixed size, with uninitialized memory appended as padding beyond the size of the actual image. This is the result of mImageBufferSize in the encoder being initialized with a value different than the size of the source image. There is the possibility of sensitive data from uninitialized memory being appended to a PNG image when converted from an ICO format image. This sensitive data may then be disclosed in the resulting image. (MFSA 2012-06, CVE-2012-0447)

* Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution. (MFSA 2012-07, CVE-2012-0444)

* Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE Linux Enterprise Desktop 11-SP1, SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Software Development Kit 11-SP1.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-3659
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697
SuSE Security Announcement: SUSE-SU-2012:0198
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
SuSE Security Announcement: SUSE-SU-2012:0221
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
SuSE Security Announcement: openSUSE-SU-2012:0234
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0442
Debian Security Information: DSA-2400
http://www.debian.org/security/2012/dsa-2400
Debian Security Information: DSA-2402
http://www.debian.org/security/2012/dsa-2402
Debian Security Information: DSA-2406
http://www.debian.org/security/2012/dsa-2406
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678
Common Vulnerability Exposure (CVE) ID: CVE-2012-0443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444
Common Vulnerability Exposure (CVE) ID: CVE-2012-0444
BugTraq ID: 51753
http://www.securityfocus.com/bid/51753
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464
http://secunia.com/advisories/48043
http://secunia.com/advisories/48095
http://www.ubuntu.com/usn/USN-1370-1
XForce ISS Database: mozilla-nschildview-code-exec(72858)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858
Common Vulnerability Exposure (CVE) ID: CVE-2012-0445
BugTraq ID: 51765
http://www.securityfocus.com/bid/51765
http://osvdb.org/78735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907
http://secunia.com/advisories/49055
XForce ISS Database: mozilla-iframeelement-security-bypass(72835)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72835
Common Vulnerability Exposure (CVE) ID: CVE-2012-0446
BugTraq ID: 51752
http://www.securityfocus.com/bid/51752
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304
XForce ISS Database: mozilla-xpconnect-xss(72837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72837
Common Vulnerability Exposure (CVE) ID: CVE-2012-0447
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14912
XForce ISS Database: mozilla-mimagebuffersize-info-disclosure(72856)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72856
Common Vulnerability Exposure (CVE) ID: CVE-2012-0449
BugTraq ID: 51754
http://www.securityfocus.com/bid/51754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14618
XForce ISS Database: mozilla-xsltstylesheets-code-execution(72868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72868
Common Vulnerability Exposure (CVE) ID: CVE-2012-0450
http://osvdb.org/78741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14670
XForce ISS Database: mozilla-keyhtml-info-disclosure(72869)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72869
Copyright: Copyright (C) 2021 Greenbone AG
