openvas | Copyright (c) 2012 Greenbone Networks GmbH | OPENVAS:850299
HistoryAug 03, 2012 - 12:00 a.m.

SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox)

2012-08-03 00:00:00
Copyright (c) 2012 Greenbone Networks GmbH
plugins.openvas.org
9

0.916 High

EPSS

Percentile

98.6%

Check for the Version of MozillaFirefox

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2012_0234_1.nasl 8352 2018-01-10 07:01:57Z teissa $
#
# SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
# Advisory text attached to the scan result via script_tag(name:"insight").
# The text is cut off mid-sentence (see the "Description truncated" line at its
# end), so it describes only some of the CVEs registered in script_cve_id();
# CVE-2012-0446, CVE-2012-0447, CVE-2012-0444, CVE-2012-0449 and CVE-2012-0450
# are listed there but not explained here.
tag_insight = "Mozilla Firefox was updated to version 10 to fix bugs and
  security issues.

  MFSA 2012-01: Mozilla developers identified and fixed
  several memory safety bugs in the browser engine used in
  Firefox and other Mozilla-based products. Some of these
  bugs showed evidence of memory corruption under certain
  circumstances, and we presume that with enough effort at
  least some of these could be exploited to run arbitrary
  code.

  In general these flaws cannot be exploited through email in
  the Thunderbird and SeaMonkey products because scripting is
  disabled, but are potentially a risk in browser or
  browser-like contexts in those products. References

  CVE-2012-0443: Ben Hawkes, Christian Holler, Honza Bombas,
  Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der
  Beken, and Bill McCloskey reported memory safety problems
  that were fixed in Firefox 10.

  CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory
  safety problems that were fixed in both Firefox 10 and
  Firefox 3.6.26.


  MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox
  has been generous in its interpretation of web addresses
  containing square brackets around the host. If this host
  was not a valid IPv6 literal address, Firefox attempted to
  interpret the host as a regular domain name. Gregory
  Fleischer reported that requests made using IPv6 syntax
  using XMLHttpRequest objects through a proxy may generate
  errors depending on proxy configuration for IPv6. The
  resulting error messages from the proxy may disclose
  sensitive data because Same-Origin Policy (SOP) will allow
  the XMLHttpRequest object to read these error messages,
  allowing user privacy to be eroded. Firefox now enforces
  RFC 3986 IPv6 literal syntax and that may break links
  written using the non-standard Firefox-only forms that were
  previously accepted.

  This was fixed previously for Firefox 7.0, Thunderbird 7.0,
  and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and
  Thunderbird 3.1.18 during 2012.


  MFSA 2012-03/CVE-2012-0445: Alex Dvorov reported that an
  attacker could replace a sub-frame in another domain's
  document by using the name attribute of the sub-frame as a
  form submission target. This can potentially allow for
  phishing attacks against users and violates the HTML5 frame
  navigation policy.

  Firefox 3.6 and Thunderbird 3.1 are not affected by this
  vulnerability


  MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht
  reported via TippingPoint's Zero Day Initiative that
  removed child nodes of nsDOMAttribute can be accessed under
  certain circumstances because o ...

  Description truncated, for more information please check the Reference URL";

# NOTE(review): "affected" names only MozillaFirefox, but the version checks
# further down also cover MozillaThunderbird, enigmail, mozilla-js192,
# mozilla-xulrunner192 and seamonkey packages on openSUSE 11.4.
tag_affected = "MozillaFirefox on openSUSE 11.4";
# Generic remediation text; the fixed package versions are the ones passed to
# isrpmvuln() in the check section.
tag_solution = "Please Install the Updated Packages.";



# Metadata section: when the script is run with `description` set, only the
# registration calls below execute and exit(0) ends the script before any of
# the package checks further down are reached.
if(description)
{
  # Identity and revision bookkeeping for this check.
  script_id(850299);
  script_version("$Revision: 8352 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $");
  script_tag(name:"creation_date", value:"2012-08-03 00:05:56 +0530 (Fri, 03 Aug 2012)");
  # Ten CVEs are attached to one result; a finding therefore means "the update
  # carrying these fixes is missing", not that each CVE was verified separately.
  script_cve_id("CVE-2012-0443", "CVE-2012-0442", "CVE-2011-3670", "CVE-2012-0445",
                "CVE-2011-3659", "CVE-2012-0446", "CVE-2012-0447", "CVE-2012-0444",
                "CVE-2012-0449", "CVE-2012-0450");
  # Single score for the whole advisory; the vector is written in CVSS v2
  # notation (AV/AC/Au). NOTE(review): presumably the highest score among the
  # listed CVEs - confirm against the advisory.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_xref(name: "openSUSE-SU", value: "2012:0234_1");
  script_name("SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox)");

  # NOTE(review): the summary mentions only MozillaFirefox; the check section
  # also compares Thunderbird, enigmail, xulrunner/js192 and seamonkey packages.
  script_tag(name: "summary" , value: "Check for the Version of MozillaFirefox");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  # Depends on the package-list gatherer; the KB keys named below are
  # presumably written by it after an authenticated SSH login - confirm.
  script_dependencies("gather-package-list.nasl");
  # NOTE(review): without these KB entries (i.e. without a successful
  # credentialed scan of a SuSE host) the check is expected not to run, so an
  # absent result is not evidence that the host is patched.
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  # qod_type "package": the verdict comes from comparing installed RPM versions
  # (see the isrpmvuln() calls below), not from probing the running application.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

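# Local package check for openSUSE-SU-2012:0234-1.
#
# Reads the release string stored in the knowledge base under
# "ssh/login/release" and, for openSUSE 11.4, compares every package named in
# the advisory against its fixed version with isrpmvuln() (from
# pkg-lib-rpm.inc).
#
# Previously the script called security_message() and exited on the FIRST
# outdated package, so a host with several outdated packages from this
# advisory showed only one of them in the report. All findings are now
# collected in `report` and emitted together, which gives the operator the
# full list of packages to update in a single result.
#
# Exit behaviour:
#   - no release string in the KB      -> exit(0), nothing reported
#   - at least one outdated package    -> one security_message(), exit(0)
#   - packages matched, none outdated  -> exit(99) ("Not vulnerable")
#   - none of the packages installed   -> exit(0), nothing reported
release = get_kb_item("ssh/login/release");

res = "";
report = "";
if(release == NULL){
  exit(0);
}

if(release == "openSUSE11.4")
{

  # --- MozillaFirefox 10.0 ---
  if ((res = isrpmvuln(pkg:"MozillaFirefox", rpm:"MozillaFirefox~10.0~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaFirefox-branding-upstream", rpm:"MozillaFirefox-branding-upstream~10.0~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaFirefox-buildsymbols", rpm:"MozillaFirefox-buildsymbols~10.0~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaFirefox-devel", rpm:"MozillaFirefox-devel~10.0~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-common", rpm:"MozillaFirefox-translations-common~10.0~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaFirefox-translations-other", rpm:"MozillaFirefox-translations-other~10.0~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  # --- MozillaThunderbird 3.1.18 and enigmail ---
  if ((res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~3.1.18~0.23.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaThunderbird-buildsymbols", rpm:"MozillaThunderbird-buildsymbols~3.1.18~0.23.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaThunderbird-devel", rpm:"MozillaThunderbird-devel~3.1.18~0.23.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~3.1.18~0.23.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~3.1.18~0.23.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"enigmail", rpm:"enigmail~1.1.2+3.1.18~0.23.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  # --- mozilla-js192 / mozilla-xulrunner192 1.9.2.26 ---
  if ((res = isrpmvuln(pkg:"mozilla-js192", rpm:"mozilla-js192~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192", rpm:"mozilla-xulrunner192~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-buildsymbols", rpm:"mozilla-xulrunner192-buildsymbols~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-devel", rpm:"mozilla-xulrunner192-devel~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome", rpm:"mozilla-xulrunner192-gnome~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common", rpm:"mozilla-xulrunner192-translations-common~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other", rpm:"mozilla-xulrunner192-translations-other~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  # --- seamonkey 2.7 ---
  if ((res = isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~2.7~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~2.7~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"seamonkey-irc", rpm:"seamonkey-irc~2.7~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"seamonkey-translations-common", rpm:"seamonkey-translations-common~2.7~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"seamonkey-translations-other", rpm:"seamonkey-translations-other~2.7~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"seamonkey-venkman", rpm:"seamonkey-venkman~2.7~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  # --- 32-bit compatibility packages ---
  if ((res = isrpmvuln(pkg:"mozilla-js192-32bit", rpm:"mozilla-js192-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-32bit", rpm:"mozilla-xulrunner192-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-gnome-32bit", rpm:"mozilla-xulrunner192-gnome-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-common-32bit", rpm:"mozilla-xulrunner192-translations-common-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  if ((res = isrpmvuln(pkg:"mozilla-xulrunner192-translations-other-32bit", rpm:"mozilla-xulrunner192-translations-other-32bit~1.9.2.26~0.2.1", rls:"openSUSE11.4")) != NULL)
  {
    report += res;
  }

  # Emit one consolidated finding listing every outdated package.
  if (report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is not set in this file; presumably pkg-lib-rpm.inc sets it
  # when at least one of the queried packages is installed - confirm.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}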

References