Vulners
Lucene search
SuSE Update for MozillaFirefox SUSE-SA:2007:066
🗓️ 28 Jan 2009 00:00:00Reported by Copyright (C) 2009 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 18 Views
| Reporter | Title | Published | Views | Family All 203 |
|---|---|---|---|---|
 | Mozilla Firefox < 2.0.0.10 Multiple Vulnerabilities | 27 Nov 200700:00 | – | nessus |
| SeaMonkey < 1.1.7 Multiple Vulnerabilities | 27 Nov 200700:00 | – | nessus |
| CentOS 4 : firefox (CESA-2007:1082) | 23 Apr 200900:00 | – | nessus |
| CentOS 4 / 5 : thunderbird (CESA-2007:1083) | 24 Dec 200700:00 | – | nessus |
| CentOS 3 / 4 : seamonkey (CESA-2007:1084) | 23 Apr 200900:00 | – | nessus |
| Debian DSA-1424-1 : iceweasel - several vulnerabilities | 11 Dec 200700:00 | – | nessus |
| Debian DSA-1425-1 : xulrunner - several vulnerabilities | 11 Dec 200700:00 | – | nessus |
| Fedora 7 : Miro-1.0-2.fc7 / blam-1.8.3-10.fc7 / chmsee-1.0.0-1.27.fc7 / devhelp-0.13-12.fc7 / etc (2007-3952) | 29 Nov 200700:00 | – | nessus |
| Fedora 8 : Miro-1.0-2.fc8 / blam-1.8.3-12.fc8 / chmsee-1.0.0-1.27.fc8 / devhelp-0.16.1-4.fc8 / etc (2007-3962) | 29 Nov 200700:00 | – | nessus |
| Fedora 8 : seamonkey-1.1.7-1.fc8 (2007-4098) | 11 Dec 200700:00 | – | nessus |
10
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2007_066.nasl 8050 2017-12-08 09:34:29Z santu $
#
# SuSE Update for MozillaFirefox SUSE-SA:2007:066
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "The Mozilla Firefox packages were brought to security update version
2.0.0.10 for SUSE Linux Enterprise 10, SUSE Linux 10.0, 10.1 and
openSUSE 10.2 and 10.3.
These packages include the Canvas regression fix also fixed in
2.0.0.11, so we are effectively at 2.0.0.11 with our packages.
Mozilla Firefox for Novell Linux Desktop 9 is still being prepared,
same for Mozilla Thunderbird 2.0.0.9 and Mozilla and Seamonkey Suite
packages.
The update was released on 29th of November.
Following security problems were fixed:
CVE-2007-5947: The jar protocol handler in Mozilla
Firefox retrieves the inner URL regardless of its MIME type, and
considers HTML documents within a jar archive to have the same origin
as the inner URL, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a jar: URI.
CVE-2007-5959:
The Firefox 2.0.0.10 update contains fixes for three bugs that improve
the stability of the product. These crashes showed some evidence of
memory corruption under certain circumstances and we presume that
with enough effort at least some of these could be exploited to run
arbitrary code.
CVE-2007-5960:
Gregory Fleischer demonstrated that it was possible to generate a fake
HTTP Referer header by exploiting a timing condition when setting the
window.location property. This could be used to conduct a Cross-site
Request Forgery (CSRF) attack against websites that rely only on the
Referer header as protection against such attacks.";
tag_impact = "remote code execution";
tag_affected = "MozillaFirefox on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_id(850108);
script_version("$Revision: 8050 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_xref(name: "SUSE-SA", value: "2007-066");
script_cve_id("CVE-2007-5947", "CVE-2007-5959", "CVE-2007-5960");
script_name( "SuSE Update for MozillaFirefox SUSE-SA:2007:066");
script_summary("Check for the Version of MozillaFirefox");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "openSUSE10.3")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.10~0.1", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.10~0.1", rls:"openSUSE10.3")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "openSUSE10.2")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.10~0.1", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.10~0.1", rls:"openSUSE10.2")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "LES10SP1")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.10~0.2", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.10~0.2", rls:"LES10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SLESDk10SP1")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.10~0.2", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.10~0.2", rls:"SLESDk10SP1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "SL10.1")
{
if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~2.0.0.10~0.2", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"MozillaFirefox-translations", rpm:"MozillaFirefox-translations~2.0.0.10~0.2", rls:"SL10.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Dec 2017 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.13311