
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.1167.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:1167-1)
Summary: The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2012:1167-1 advisory.
Description:

Vulnerability Insight:
MozillaFirefox was updated to the 10.0.7ESR release, fixing a lot of bugs and security problems.

The following security issues have been addressed:

* MFSA 2012-57: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

  In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

* CVE-2012-1971: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith reported memory safety problems and crashes that affect Firefox 14.

* CVE-2012-1970: Gary Kwong, Christian Holler, Jesse Ruderman, John Schoenick, Vladimir Vukicevic and Daniel Holbert reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 14.

* MFSA 2012-58: Security researcher Abhishek Arya (Inferno) of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.

  o Heap-use-after-free in nsHTMLEditor::CollapseAdjacentTextNodes CVE-2012-1972
  o Heap-use-after-free in nsObjectLoadingContent::LoadObject CVE-2012-1973
  o Heap-use-after-free in gfxTextRun::CanBreakLineBefore CVE-2012-1974
  o Heap-use-after-free in PresShell::CompleteMove CVE-2012-1975
  o Heap-use-after-free in nsHTMLSelectElement::SubmitNamesValues CVE-2012-1976
  o Heap-use-after-free in MediaStreamGraphThreadRunnable::Run() CVE-2012-3956
  o Heap-buffer-overflow in nsBlockFrame::MarkLineDirty CVE-2012-3957
  o Heap-use-after-free in nsHTMLEditRules::DeleteNonTableElements CVE-2012-3958
  o Heap-use-after-free in nsRangeUpdater::SelAdjDeleteNode CVE-2012-3959
  o Heap-use-after-free in mozSpellChecker::SetCurrentDictionary CVE-2012-3960
  o Heap-use-after-free in RangeData::~RangeData CVE-2012-3961
  o Bad iterator in text runs CVE-2012-3962
  o use after free in js::gc::MapAllocToTraceKind CVE-2012-3963
  o Heap-use-after-free READ 8 in gfxTextRun::GetUserData CVE-2012-3964

* MFSA 2012-59 / CVE-2012-1956: Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.

* MFSA 2012-60 / CVE-2012-3965: Security researcher Mariusz Mlynski reported that when a page opens a new tab, a subsequent window can then be opened that can be navigated to about:newtab, a chrome privileged page. Once about:newtab is loaded, the special context can potentially be used to ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Mozilla Firefox' package(s) on SUSE Linux Enterprise Desktop 10-SP4, SUSE Linux Enterprise Server 10-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-1956
BugTraq ID: 55260
http://www.securityfocus.com/bid/55260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16367
RedHat Security Advisories: RHSA-2012:1351
http://rhn.redhat.com/errata/RHSA-2012-1351.html
SuSE Security Announcement: SUSE-SU-2012:1157 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:1167 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
SuSE Security Announcement: openSUSE-SU-2012:1065 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
http://www.ubuntu.com/usn/USN-1548-1
http://www.ubuntu.com/usn/USN-1548-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1970
BugTraq ID: 55266
http://www.securityfocus.com/bid/55266
Debian Security Information: DSA-2553 (Google Search)
http://www.debian.org/security/2012/dsa-2553
Debian Security Information: DSA-2554 (Google Search)
http://www.debian.org/security/2012/dsa-2554
Debian Security Information: DSA-2556 (Google Search)
http://www.debian.org/security/2012/dsa-2556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910
RedHat Security Advisories: RHSA-2012:1210
http://rhn.redhat.com/errata/RHSA-2012-1210.html
RedHat Security Advisories: RHSA-2012:1211
http://rhn.redhat.com/errata/RHSA-2012-1211.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-1971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16841
Common Vulnerability Exposure (CVE) ID: CVE-2012-1972
BugTraq ID: 55314
http://www.securityfocus.com/bid/55314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17017
Common Vulnerability Exposure (CVE) ID: CVE-2012-1973
BugTraq ID: 55316
http://www.securityfocus.com/bid/55316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17045
Common Vulnerability Exposure (CVE) ID: CVE-2012-1974
BugTraq ID: 55317
http://www.securityfocus.com/bid/55317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015
Common Vulnerability Exposure (CVE) ID: CVE-2012-1975
BugTraq ID: 55318
http://www.securityfocus.com/bid/55318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17040
Common Vulnerability Exposure (CVE) ID: CVE-2012-1976
BugTraq ID: 55319
http://www.securityfocus.com/bid/55319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16818
Common Vulnerability Exposure (CVE) ID: CVE-2012-3956
BugTraq ID: 55320
http://www.securityfocus.com/bid/55320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16997
Common Vulnerability Exposure (CVE) ID: CVE-2012-3957
BugTraq ID: 55341
http://www.securityfocus.com/bid/55341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16940
Common Vulnerability Exposure (CVE) ID: CVE-2012-3958
BugTraq ID: 55323
http://www.securityfocus.com/bid/55323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16782
Common Vulnerability Exposure (CVE) ID: CVE-2012-3959
BugTraq ID: 55324
http://www.securityfocus.com/bid/55324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805
Common Vulnerability Exposure (CVE) ID: CVE-2012-3960
BugTraq ID: 55325
http://www.securityfocus.com/bid/55325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853
Common Vulnerability Exposure (CVE) ID: CVE-2012-3961
BugTraq ID: 55321
http://www.securityfocus.com/bid/55321
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16514
Common Vulnerability Exposure (CVE) ID: CVE-2012-3962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16494
Common Vulnerability Exposure (CVE) ID: CVE-2012-3963
BugTraq ID: 55340
http://www.securityfocus.com/bid/55340
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437
Common Vulnerability Exposure (CVE) ID: CVE-2012-3964
BugTraq ID: 55322
http://www.securityfocus.com/bid/55322
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857
Common Vulnerability Exposure (CVE) ID: CVE-2012-3965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16442
Common Vulnerability Exposure (CVE) ID: CVE-2012-3966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246
Common Vulnerability Exposure (CVE) ID: CVE-2012-3967
BugTraq ID: 55277
http://www.securityfocus.com/bid/55277
Common Vulnerability Exposure (CVE) ID: CVE-2012-3968
BugTraq ID: 55276
http://www.securityfocus.com/bid/55276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280
Common Vulnerability Exposure (CVE) ID: CVE-2012-3969
BugTraq ID: 55292
http://www.securityfocus.com/bid/55292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16635
Common Vulnerability Exposure (CVE) ID: CVE-2012-3970
BugTraq ID: 55278
http://www.securityfocus.com/bid/55278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16876
Common Vulnerability Exposure (CVE) ID: CVE-2012-3971
BugTraq ID: 55304
http://www.securityfocus.com/bid/55304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16062
Common Vulnerability Exposure (CVE) ID: CVE-2012-3972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234
Common Vulnerability Exposure (CVE) ID: CVE-2012-3973
BugTraq ID: 55308
http://www.securityfocus.com/bid/55308
http://osvdb.org/85005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17039
Common Vulnerability Exposure (CVE) ID: CVE-2012-3974
BugTraq ID: 55312
http://www.securityfocus.com/bid/55312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692
Common Vulnerability Exposure (CVE) ID: CVE-2012-3975
BugTraq ID: 55311
http://www.securityfocus.com/bid/55311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16855
Common Vulnerability Exposure (CVE) ID: CVE-2012-3976
BugTraq ID: 55313
http://www.securityfocus.com/bid/55313
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16060
Common Vulnerability Exposure (CVE) ID: CVE-2012-3978
BugTraq ID: 55306
http://www.securityfocus.com/bid/55306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923
Common Vulnerability Exposure (CVE) ID: CVE-2012-3979
BugTraq ID: 55344
http://www.securityfocus.com/bid/55344
Common Vulnerability Exposure (CVE) ID: CVE-2012-3980
BugTraq ID: 55257
http://www.securityfocus.com/bid/55257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17000
Copyright: Copyright (C) 2021 Greenbone AG
