Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2012.0896.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2012:0896-1)
Summary:The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2012:0896-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Mozilla Firefox' package(s) announced via the SUSE-SU-2012:0896-1 advisory.

Vulnerability Insight:
MozillaFirefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues,
some critical.

The following security issues have been fixed:

*

MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

*

CVE-2012-1948: Benoit Jacob, Jesse Ruderman,
Christian Holler, and Bill McCloskey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 13.

*

MFSA 2012-43 / CVE-2012-1950: Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page.
This could lead to potential phishing attacks on users.

*

MFSA 2012-44 Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-afte.r-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later.
The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix.

All four of these issues are potentially exploitable.

o CVE-2012-1951: Heap-use-after-free in nsSMILTimeValueSpec::IsEventBased o CVE-2012-1954:
Heap-use-after-free in nsDocument::AdoptNode o CVE-2012-1953: Out of bounds read in ElementAnimations::EnsureStyleRuleFor o CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames
*

MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user input form or other data on the newer, attacking, site while appearing to be on the older, displayed site.

*

MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher moz_bug_r_a4 reported a cross-site scripting
(XSS) attack through the context menu using a data: URL. In this issue, conte... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Mozilla Firefox' package(s) on SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP1

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1948
BugTraq ID: 54580
http://www.securityfocus.com/bid/54580
Debian Security Information: DSA-2514 (Google Search)
http://www.debian.org/security/2012/dsa-2514
Debian Security Information: DSA-2528 (Google Search)
http://www.debian.org/security/2012/dsa-2528
http://osvdb.org/84007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16744
RedHat Security Advisories: RHSA-2012:1088
http://rhn.redhat.com/errata/RHSA-2012-1088.html
http://www.securitytracker.com/id?1027256
http://www.securitytracker.com/id?1027257
http://www.securitytracker.com/id?1027258
http://secunia.com/advisories/49963
http://secunia.com/advisories/49964
http://secunia.com/advisories/49965
http://secunia.com/advisories/49968
http://secunia.com/advisories/49972
http://secunia.com/advisories/49977
http://secunia.com/advisories/49979
http://secunia.com/advisories/49992
http://secunia.com/advisories/49993
http://secunia.com/advisories/49994
SuSE Security Announcement: SUSE-SU-2012:0895 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:0896 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
SuSE Security Announcement: openSUSE-SU-2012:0899 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:0917 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
http://www.ubuntu.com/usn/USN-1509-1
http://www.ubuntu.com/usn/USN-1509-2
http://www.ubuntu.com/usn/USN-1510-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1949
http://osvdb.org/84006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17027
Common Vulnerability Exposure (CVE) ID: CVE-2012-1950
http://osvdb.org/84008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16970
Common Vulnerability Exposure (CVE) ID: CVE-2012-1951
BugTraq ID: 54578
http://www.securityfocus.com/bid/54578
http://osvdb.org/83997
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16077
Common Vulnerability Exposure (CVE) ID: CVE-2012-1952
http://osvdb.org/83999
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16942
Common Vulnerability Exposure (CVE) ID: CVE-2012-1953
http://osvdb.org/83998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16894
Common Vulnerability Exposure (CVE) ID: CVE-2012-1954
http://osvdb.org/83995
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16984
Common Vulnerability Exposure (CVE) ID: CVE-2012-1955
BugTraq ID: 54586
http://www.securityfocus.com/bid/54586
http://osvdb.org/83996
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17004
Common Vulnerability Exposure (CVE) ID: CVE-2012-1957
BugTraq ID: 54583
http://www.securityfocus.com/bid/54583
http://osvdb.org/84000
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16844
Common Vulnerability Exposure (CVE) ID: CVE-2012-1958
BugTraq ID: 54574
http://www.securityfocus.com/bid/54574
http://osvdb.org/84001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16434
Common Vulnerability Exposure (CVE) ID: CVE-2012-1959
BugTraq ID: 54576
http://www.securityfocus.com/bid/54576
http://osvdb.org/84002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920
Common Vulnerability Exposure (CVE) ID: CVE-2012-1960
BugTraq ID: 54572
http://www.securityfocus.com/bid/54572
http://osvdb.org/84010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735
Common Vulnerability Exposure (CVE) ID: CVE-2012-1961
BugTraq ID: 54584
http://www.securityfocus.com/bid/54584
http://osvdb.org/84003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16993
Common Vulnerability Exposure (CVE) ID: CVE-2012-1962
BugTraq ID: 54575
http://www.securityfocus.com/bid/54575
http://osvdb.org/84004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16729
Common Vulnerability Exposure (CVE) ID: CVE-2012-1963
BugTraq ID: 54582
http://www.securityfocus.com/bid/54582
http://osvdb.org/84005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17056
Common Vulnerability Exposure (CVE) ID: CVE-2012-1964
BugTraq ID: 54581
http://www.securityfocus.com/bid/54581
http://osvdb.org/84011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16783
Common Vulnerability Exposure (CVE) ID: CVE-2012-1965
BugTraq ID: 54579
http://www.securityfocus.com/bid/54579
http://osvdb.org/84012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001
Common Vulnerability Exposure (CVE) ID: CVE-2012-1966
BugTraq ID: 54577
http://www.securityfocus.com/bid/54577
http://osvdb.org/84009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17037
Common Vulnerability Exposure (CVE) ID: CVE-2012-1967
BugTraq ID: 54573
http://www.securityfocus.com/bid/54573
http://osvdb.org/84013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.