Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_11_0_MOZILLAFIREFOX-090312.NASL
HistoryJul 21, 2009 - 12:00 a.m.

openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)

2009-07-2100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
19
JSON

The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues.

MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

MFSA 2009-08 / CVE-2009-0775: An anonymous researcher, via TippingPoint’s Zero Day Initiative program, reported a vulnerability in Mozilla’s garbage collection process. The vulnerability was caused by improper memory management of a set of cloned XUL DOM elements which were linked as a parent and child. After reloading the browser on a page with such linked elements, the browser would crash when attempting to access an object which was already destroyed. An attacker could use this crash to run arbitrary code on the victim’s computer.

MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website.

MFSA 2009-10 / CVE-2009-0040: libpng maintainer Glenn Randers-Pehrson reported several memory safety hazards in PNG libraries used by Mozilla. These vulnerabilities could be used by a malicious website to crash a victim’s browser and potentially execute arbitrary code on their computer. libpng was upgraded to a version which contained fixes for these flaws.

MFSA 2009-11 / CVE-2009-0777: Mozilla contributor Masahiro Yamada reported that certain invisible control characters were being decoded when displayed in the location bar, resulting in fewer visible characters than were present in the actual location. An attacker could use this vulnerability to spoof the location bar and display a misleading URL for their malicious web page.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update MozillaFirefox-591.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(39887);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-0040", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777");

  script_name(english:"openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)");
  script_summary(english:"Check for the MozillaFirefox-591 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Mozilla Firefox browser is updated to version 3.0.7 fixing various
security and stability issues.

MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 /
CVE-2009-0774: Mozilla developers identified and fixed several
stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of
memory corruption under certain circumstances and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.

MFSA 2009-08 / CVE-2009-0775: An anonymous researcher, via
TippingPoint's Zero Day Initiative program, reported a vulnerability
in Mozilla's garbage collection process. The vulnerability was caused
by improper memory management of a set of cloned XUL DOM elements
which were linked as a parent and child. After reloading the browser
on a page with such linked elements, the browser would crash when
attempting to access an object which was already destroyed. An
attacker could use this crash to run arbitrary code on the victim's
computer.

MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi
Guninski reported that a website could use nsIRDFService and a
cross-domain redirect to steal arbitrary XML data from another domain,
a violation of the same-origin policy. This vulnerability could be
used by a malicious website to steal private data from users
authenticated to the redirected website.

MFSA 2009-10 / CVE-2009-0040: libpng maintainer Glenn Randers-Pehrson
reported several memory safety hazards in PNG libraries used by
Mozilla. These vulnerabilities could be used by a malicious website to
crash a victim's browser and potentially execute arbitrary code on
their computer. libpng was upgraded to a version which contained fixes
for these flaws.

MFSA 2009-11 / CVE-2009-0777: Mozilla contributor Masahiro Yamada
reported that certain invisible control characters were being decoded
when displayed in the location bar, resulting in fewer visible
characters than were present in the actual location. An attacker could
use this vulnerability to spoof the location bar and display a
misleading URL for their malicious web page."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=465284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=478625"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=479610"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaFirefox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94, 200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"MozillaFirefox-3.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"MozillaFirefox-translations-3.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-1.9.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-devel-1.9.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"mozilla-xulrunner190-translations-1.9.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.7-1.1") ) flag++;
if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.7-1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
VendorProductVersionCPE
novellopensusemozillafirefoxp-cpe:/a:novell:opensuse:mozillafirefox
novellopensusemozillafirefox-translationsp-cpe:/a:novell:opensuse:mozillafirefox-translations
novellopensusemozilla-xulrunner190p-cpe:/a:novell:opensuse:mozilla-xulrunner190
novellopensusemozilla-xulrunner190-32bitp-cpe:/a:novell:opensuse:mozilla-xulrunner190-32bit
novellopensusemozilla-xulrunner190-develp-cpe:/a:novell:opensuse:mozilla-xulrunner190-devel
novellopensusemozilla-xulrunner190-gnomevfsp-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs
novellopensusemozilla-xulrunner190-gnomevfs-32bitp-cpe:/a:novell:opensuse:mozilla-xulrunner190-gnomevfs-32bit
novellopensusemozilla-xulrunner190-translationsp-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations
novellopensusemozilla-xulrunner190-translations-32bitp-cpe:/a:novell:opensuse:mozilla-xulrunner190-translations-32bit
novellopensuse11.0cpe:/o:novell:opensuse:11.0

Related

nessus 41
openvas 86
redhat 3
oraclelinux 3
centos 4
suse 2
ubuntu 4
fedora 43
osv 2
debian 2
securityvulns 2
mozilla 1
ubuntucve 1
prion 1
cve 1
f5 1
cert 1
veracode 1
nessus
nessus
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 4 / 5 : firefox (CESA-2009:0315)
2009-03-08 00:00:00
Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities
2009-03-05 00:00:00
openvas
openvas
SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox)
2009-03-20 00:00:00
CentOS Security Advisory CESA-2009:0315 (firefox)
2009-03-13 00:00:00
Ubuntu: Security Advisory (USN-728-1)
2009-03-07 00:00:00
redhat
redhat
(RHSA-2009:0315) Critical: firefox security update
2009-03-04 00:00:00
(RHSA-2009:0325) Critical: seamonkey security update
2009-03-04 00:00:00
(RHSA-2009:0258) Moderate: thunderbird security update
2009-03-24 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-03-05 00:00:00
seamonkey security update
2009-03-05 00:00:00
thunderbird security update
2009-03-24 00:00:00
centos
centos
firefox, xulrunner security update
2009-03-06 22:05:42
seamonkey security update
2009-03-11 03:59:33
seamonkey security update
2009-03-05 13:43:36
suse
suse
remote code execution in MozillaFirefox
2009-03-16 14:15:07
remote code execution in MozillaFirefox
2009-04-20 12:01:40
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-03-05 00:00:00
Firefox vulnerabilities
2009-03-06 00:00:00
Firefox vulnerabilities
2009-03-06 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: gnome-python2-extras-2.19.1-24.fc9
2009-03-08 19:36:13
[SECURITY] Fedora 10 Update: kazehakase-0.5.6-1.fc10.4
2009-03-08 19:37:29
[SECURITY] Fedora 9 Update: epiphany-2.22.2-8.fc9
2009-03-08 19:36:13
osv
osv
xulrunner - several vulnerabilities
2009-03-22 00:00:00
icedove - several vulnerabilities
2009-07-12 00:00:00
debian
debian
[SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
2009-03-22 21:30:20
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities
2009-07-12 11:21:02
securityvulns
securityvulns
Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
2009-04-01 00:00:00
Mozilla Foundation Security Advisory 2009-07
2009-03-06 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.0.7) — Mozilla
2009-03-04 00:00:00
ubuntucve
ubuntucve
CVE-2009-0774
2009-03-04 00:00:00
prion
prion
Design/Logic Flaw
2009-03-05 02:30:00
cve
cve
CVE-2009-0774
2009-03-05 02:30:00
f5
f5
K9988 : libpng vulnerability CVE-2009-0040
2013-03-27 00:00:00
cert
cert
libpng fails to properly initialize element pointers
2009-03-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:13
JSON
Related for SUSE_11_0_MOZILLAFIREFOX-090312.NASL
nessus41openvas86redhat3oraclelinux3centos4suse2ubuntu4fedora43osv2debian2securityvulns2mozilla1ubuntucve1prion1cve1f51cert1veracode1