SuSE 11 / 11.1 Security Update for Mozilla XULRunner to version 1.9.1.1
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Fedora | [SECURITY] Fedora 14 Update: perl-Gtk2-MozEmbed-0.08-6.fc14.21 | 28 Oct 201022:18 | – | fedora |
Fedora | [SECURITY] Fedora 14 Update: mozvoikko-1.0-16.fc14.1 | 28 Oct 201022:18 | – | fedora |
Fedora | [SECURITY] Fedora 12 Update: mozvoikko-1.0-14.fc12 | 30 Oct 201023:43 | – | fedora |
Fedora | [SECURITY] Fedora 14 Update: gnome-web-photo-0.9-15.fc14.1 | 28 Oct 201022:18 | – | fedora |
Fedora | [SECURITY] Fedora 12 Update: galeon-2.0.7-27.fc12 | 30 Oct 201023:43 | – | fedora |
Fedora | [SECURITY] Fedora 12 Update: perl-Gtk2-MozEmbed-0.08-6.fc12.17 | 30 Oct 201023:43 | – | fedora |
Fedora | [SECURITY] Fedora 12 Update: gnome-python2-extras-2.25.3-22.fc12 | 30 Oct 201023:43 | – | fedora |
Fedora | [SECURITY] Fedora 12 Update: gnome-web-photo-0.9-11.fc12 | 30 Oct 201023:43 | – | fedora |
Fedora | [SECURITY] Fedora 14 Update: galeon-2.0.7-35.fc14.1 | 28 Oct 201022:18 | – | fedora |
Fedora | [SECURITY] Fedora 14 Update: gnome-python2-extras-2.25.3-25.fc14.1 | 28 Oct 201022:18 | – | fedora |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(50952);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-3170", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765");
script_name(english:"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update brings the Mozilla XULRunner engine to version 1.9.1.15,
fixing various bugs and security issues.
The following security issues were fixed :
- Mozilla developers identified and fixed several memory
safety bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. References. (MFSA 2010-64)
Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
Bukanov and Josh Soref reported memory safety problems
that affected Firefox 3.6 and Firefox 3.5.
- Memory safety bugs - Firefox 3.6, Firefox 3.5
- Gary Kwong, Martijn Wargers and Siddharth Agarwal
reported memory safety problems that affected Firefox
3.6 only. (CVE-2010-3176)
- Memory safety bugs - Firefox 3.6
- CVE-2010-3175
- Security researcher Alexander Miller reported that
passing an excessively long string to document.write
could cause text rendering routines to end up in an
inconsistent state with sections of stack memory being
overwritten with the string data. An attacker could use
this flaw to crash a victim's browser and potentially
run arbitrary code on their computer. (MFSA 2010-65 /
CVE-2010-3179)
- Security researcher Sergey Glazunov reported that it was
possible to access the locationbar property of a window
object after it had been closed. Since the closed
window's memory could have been subsequently reused by
the system it was possible that an attempt to access the
locationbar property could result in the execution of
attacker-controlled memory. (MFSA 2010-66 /
CVE-2010-3180)
- Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that when
window.__lookupGetter__ is called with no arguments the
code assumes the top JavaScript stack value is a
property name. Since there were no arguments passed into
the function, the top value could represent
uninitialized memory or a pointer to a previously freed
JavaScript object. Under such circumstances the value is
passed to another subroutine which calls through the
dangling pointer, potentially executing
attacker-controlled memory. (MFSA 2010-67 /
CVE-2010-3183)
- Google security researcher Robert Swiecki reported that
functions used by the Gopher parser to convert text to
HTML tags could be exploited to turn text into
executable JavaScript. If an attacker could create a
file or directory on a Gopher server with the encoded
script as part of its name the script would then run in
a victim's browser within the context of the site. (MFSA
2010-68 / CVE-2010-3177)
- Security researcher Eduardo Vela Nava reported that if a
web page opened a new window and used a javascript: URL
to make a modal call, such as alert(), then subsequently
navigated the page to a different domain, once the modal
call returned the opener of the window could get access
to objects in the navigated window. This is a violation
of the same-origin policy and could be used by an
attacker to steal information from another web site.
(MFSA 2010-69 / CVE-2010-3178)
- Security researcher Richard Moore reported that when an
SSL certificate was created with a common name
containing a wildcard followed by a partial IP address a
valid SSL connection could be established with a server
whose IP address matched the wildcard range by browsing
directly to the IP address. It is extremely unlikely
that such a certificate would be issued by a Certificate
Authority. (MFSA 2010-70 / CVE-2010-3170)
- Dmitri Gribenko reported that the script used to launch
Mozilla applications on Linux was effectively including
the current working directory in the LD_LIBRARY_PATH
environment variable. If an attacker was able to place
into the current working directory a malicious shared
library with the same name as a library that the
bootstrapping script depends on the attacker could have
their library loaded instead of the legitimate library.
(MFSA 2010-71 / CVE-2010-3182)
- Morten Kråkvik of Telenor SOC reported an
exploit targeting particular versions of Firefox 3.6 on
Windows XP that Telenor found while investigating an
intrusion attempt on a customer network. The underlying
vulnerability, however, was present on both the Firefox
3.5 and Firefox 3.6 development branches and affected
all supported platforms. (MFSA 2010-73 / CVE-2010-3765)"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=653606"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3175.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3176.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3177.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3178.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3179.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3180.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3182.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3183.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3765.html"
);
script_set_attribute(
attribute:"solution",
value:"Apply SAT patch number 3557 / 3558 as appropriate."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo