
Test ID: 1.3.6.1.4.1.25623.1.0.850166
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory for MozillaFirefox, seamonkey, MozillaThunderbird (SUSE-SA:2011:022)
Summary: The remote host is missing an update for the 'MozillaFirefox, seamonkey, MozillaThunderbird' package(s) announced via the referenced advisory.

Description:

Vulnerability Insight:
The Mozilla suite of browsers received security updates.

The following updates are included in this update:
Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release.
Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release.
Mozilla Thunderbird was updated on openSUSE to the 3.1.10 security release.
Mozilla Seamonkey was updated on openSUSE to the 2.0.14 security release.
Mozilla XULRunner 1.9.1 was updated to 1.9.1.19.
Mozilla XULRunner 1.9.2 was updated to 1.9.2.17.

The following security issues were fixed:
MFSA 2011-12:
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to
run arbitrary code.

Mozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils,
Scoobidiver, and Ted Mielczarek reported memory safety issues which affected
Firefox 4. CVE-2011-0079

Mozilla developer Scoobidiver reported a memory safety issue which affected
Firefox 4 and Firefox 3.6. CVE-2011-0081

The web development team of Alcidion reported a crash that affected Firefox 4,
Firefox 3.6 and Firefox 3.5. CVE-2011-0069

Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5.
CVE-2011-0070

Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and
Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and
Firefox 3.5. CVE-2011-0080

Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox
3.5. CVE-2011-0075

Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox
3.5. CVE-2011-0078

Martin Barbella reported a memory safety issue which affected Firefox 3.6 and
Firefox 3.5. CVE-2011-0072


CVE-2011-0073:
Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative.

Firefox 4 was not affected by these issues.


CVE-2011-0067:
Security researcher Paul Stone reported that a Java applet could be used to
mimic interaction with form autocomplete controls and steal entries from the
form history.

Firefox 4 was not affected by this issue.


CVE-2011-0076: David Remahl of Apple Product Security reported
that the Java Embedding Plugin (JEP) shipped with the Mac OS X version ...

Description truncated, please see the referenced URL(s) for more information.

Vulnerability Impact:
remote code execution, remote denial of service

Affected Software/OS:
MozillaFirefox, seamonkey, MozillaThunderbird on openSUSE 11.2, openSUSE 11.3

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0065
Debian Security Information: DSA-2227
http://www.debian.org/security/2011/dsa-2227
Debian Security Information: DSA-2228
http://www.debian.org/security/2011/dsa-2228
Debian Security Information: DSA-2235
http://www.debian.org/security/2011/dsa-2235
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14142
http://securityreason.com/securityalert/8326
http://securityreason.com/securityalert/8331
http://securityreason.com/securityalert/8340
Common Vulnerability Exposure (CVE) ID: CVE-2011-0066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13970
Common Vulnerability Exposure (CVE) ID: CVE-2011-0067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14523
Common Vulnerability Exposure (CVE) ID: CVE-2011-0068
Common Vulnerability Exposure (CVE) ID: CVE-2011-0069
BugTraq ID: 47656
http://www.securityfocus.com/bid/47656
http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14065
Common Vulnerability Exposure (CVE) ID: CVE-2011-0070
BugTraq ID: 47654
http://www.securityfocus.com/bid/47654
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14286
Common Vulnerability Exposure (CVE) ID: CVE-2011-0071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14058
Common Vulnerability Exposure (CVE) ID: CVE-2011-0072
BugTraq ID: 47655
http://www.securityfocus.com/bid/47655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14038
Common Vulnerability Exposure (CVE) ID: CVE-2011-0073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020
http://securityreason.com/securityalert/8310
Common Vulnerability Exposure (CVE) ID: CVE-2011-0074
BugTraq ID: 47646
http://www.securityfocus.com/bid/47646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14317
Common Vulnerability Exposure (CVE) ID: CVE-2011-0075
BugTraq ID: 47647
http://www.securityfocus.com/bid/47647
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14086
Common Vulnerability Exposure (CVE) ID: CVE-2011-0076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14498
Common Vulnerability Exposure (CVE) ID: CVE-2011-0077
BugTraq ID: 47648
http://www.securityfocus.com/bid/47648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14193
Common Vulnerability Exposure (CVE) ID: CVE-2011-0078
BugTraq ID: 47651
http://www.securityfocus.com/bid/47651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14246
Common Vulnerability Exposure (CVE) ID: CVE-2011-0079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14232
Common Vulnerability Exposure (CVE) ID: CVE-2011-0080
BugTraq ID: 47641
http://www.securityfocus.com/bid/47641
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13866
Common Vulnerability Exposure (CVE) ID: CVE-2011-0081
BugTraq ID: 47653
http://www.securityfocus.com/bid/47653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993
Common Vulnerability Exposure (CVE) ID: CVE-2011-1202
BugTraq ID: 46785
http://www.securityfocus.com/bid/46785
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244
http://www.vupen.com/english/advisories/2011/0628
XForce ISS Database: google-xslt-info-disclosure(65966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.