Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_11_MOZILLAFIREFOX-090724.NASL
HistorySep 24, 2009 - 12:00 a.m.

SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1134)

2009-09-2400:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
128

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.903 High

EPSS

Percentile

98.8%

JSON

The Mozilla Firefox 3.0.12 release fixes various bugs and some critical security issues.

  • Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-34 / CVE-2009-2462 / CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 / CVE-2009-2466)

  • Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim’s computer. (MFSA 2009-35 / CVE-2009-2467)

  • oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim’s computer. The open source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system. (MFSA 2009-36 / CVE-2009-1194)

  • Security researcher PenPal reported a crash involving a SVG element on which a watch function and
    defineSetter function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim’s computer. (MFSA 2009-37 / CVE-2009-2469)

  • Mozilla developer Blake Kaplan reported that setTimeout, when called with certain object parameters which should be protected with a XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call setTimeout using this as an argument, the this object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges.
    (MFSA 2009-39 / CVE-2009-2471)

  • Mozilla security researcher moz_bug_r_a4 reported a series of vulnerabilities in which objects that normally receive a XPCCrossOriginWrapper are constructed without the wrapper. This can lead to cases where JavaScript from one website may unsafely access properties of such an object which had been set by a different website. A malicious website could use this vulnerability to launch a XSS attack and run arbitrary JavaScript within the context of another site. (MFSA 2009-40 / CVE-2009-2472)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(41357);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-1194", "CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464", "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2467", "CVE-2009-2469", "CVE-2009-2471", "CVE-2009-2472");

  script_name(english:"SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1134)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Mozilla Firefox 3.0.12 release fixes various bugs and some
critical security issues.

  - Mozilla developers and community members identified and
    fixed several stability bugs in the browser engine used
    in Firefox and other Mozilla-based products. Some of
    these crashes showed evidence of memory corruption under
    certain circumstances and we presume that with enough
    effort at least some of these could be exploited to run
    arbitrary code. (MFSA 2009-34 / CVE-2009-2462 /
    CVE-2009-2463 / CVE-2009-2464 / CVE-2009-2465 /
    CVE-2009-2466)

  - Security researcher Attila Suszter reported that when a
    page contains a Flash object which presents a slow
    script dialog, and the page is navigated while the
    dialog is still visible to the user, the Flash plugin is
    unloaded resulting in a crash due to a call to the
    deleted object. This crash could potentially be used by
    an attacker to run arbitrary code on a victim's
    computer. (MFSA 2009-35 / CVE-2009-2467)

  - oCERT security researcher Will Drewry reported a series
    of heap and integer overflow vulnerabilities which
    independently affected multiple font glyph rendering
    libraries. On Linux platforms libpango was susceptible
    to the vulnerabilities while on OS X CoreGraphics was
    similarly vulnerable. An attacker could trigger these
    overflows by constructing a very large text run for the
    browser to display. Such an overflow can result in a
    crash which the attacker could potentially use to run
    arbitrary code on a victim's computer. The open source
    nature of Linux meant that Mozilla was able to work with
    the libpango maintainers to implement the correct fix in
    version 1.24 of that system library which was
    distributed with OS security updates. On Mac OS X
    Firefox works around the CoreGraphics flaw by limiting
    the length of text runs passed to the system. (MFSA
    2009-36 / CVE-2009-1194)

  - Security researcher PenPal reported a crash involving a
    SVG element on which a watch function and
    __defineSetter__ function have been set for a particular
    property. The crash showed evidence of memory corruption
    and could potentially be used by an attacker to run
    arbitrary code on a victim's computer. (MFSA 2009-37 /
    CVE-2009-2469)

  - Mozilla developer Blake Kaplan reported that setTimeout,
    when called with certain object parameters which should
    be protected with a XPCNativeWrapper, will fail to keep
    the object wrapped when compiling the new function to be
    executed. If chrome privileged code were to call
    setTimeout using this as an argument, the this object
    will lose its wrapper and could be unsafely accessed by
    chrome code. An attacker could use such vulnerable code
    to run arbitrary JavaScript with chrome privileges.
    (MFSA 2009-39 / CVE-2009-2471)

  - Mozilla security researcher moz_bug_r_a4 reported a
    series of vulnerabilities in which objects that normally
    receive a XPCCrossOriginWrapper are constructed without
    the wrapper. This can lead to cases where JavaScript
    from one website may unsafely access properties of such
    an object which had been set by a different website. A
    malicious website could use this vulnerability to launch
    a XSS attack and run arbitrary JavaScript within the
    context of another site. (MFSA 2009-40 / CVE-2009-2472)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2009/mfsa2009-34.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2009/mfsa2009-35.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2009/mfsa2009-36.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2009/mfsa2009-37.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2009/mfsa2009-39.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2009/mfsa2009-40.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=522109"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-1194.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2462.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2463.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2464.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2465.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2466.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2467.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2469.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2471.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2472.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1134.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(79, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");


flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"MozillaFirefox-3.0.12-0.1.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"MozillaFirefox-translations-3.0.12-0.1.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-translations-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"MozillaFirefox-3.0.12-0.1.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"MozillaFirefox-translations-3.0.12-0.1.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"MozillaFirefox-3.0.12-0.1.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"MozillaFirefox-translations-3.0.12-0.1.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-translations-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner190-32bit-1.9.0.12-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.12-1.1.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozillafirefox
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit
novellsuse_linux11cpe:/o:novell:suse_linux:11

References

Related

nessus 33
suse 2
openvas 59
fedora 18
osv 1
ubuntu 2
debian 2
seebug 1
securityvulns 7
redhat 3
centos 3
oraclelinux 3
mozilla 5
prion 7
nvd 10
cve 10
cvelist 9
ubuntucve 10
veracode 9
debiancve 2
checkpoint_advisories 2
freebsd 1
nessus
nessus
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1135)
2009-07-28 00:00:00
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6379)
2009-10-06 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-798-1)
2009-07-23 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-07-27 13:06:57
remote code execution in MozillaFirefox
2009-08-06 11:30:16
openvas
openvas
SUSE: Security Advisory for MozillaFirefox (SUSE-SA:2009:039)
2009-07-29 00:00:00
RedHat Security Advisory RHSA-2009:1162
2009-07-29 00:00:00
CentOS Update for firefox CESA-2009:1162 centos5 i386
2011-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: galeon-2.0.7-12.fc10
2009-07-23 19:14:52
[SECURITY] Fedora 10 Update: ruby-gnome2-0.19.0-3.fc10.1
2009-07-23 19:14:52
[SECURITY] Fedora 10 Update: kazehakase-0.5.6-4.fc10.4
2009-07-23 19:14:52
osv
osv
xulrunner - several vulnerabilities
2009-07-23 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-07-22 00:00:00
Pango vulnerability
2009-05-07 00:00:00
debian
debian
[SECURITY] [DSA 1840-1] New xulrunner packages fix several vulnerabilities
2009-07-23 10:30:34
[SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution
2009-05-10 09:29:15
seebug
seebug
Mozilla Firefox MFSA存在多个安全漏洞
2009-07-24 00:00:00
securityvulns
securityvulns
Multiple Mozilla Firefox security vulnerabilities
2009-07-22 00:00:00
Mozilla Foundation Security Advisory 2009-34
2009-07-22 00:00:00
Mozilla Foundation Security Advisory 2009-35
2009-07-22 00:00:00
redhat
redhat
(RHSA-2009:1162) Critical: firefox security update
2009-07-21 00:00:00
(RHSA-2009:1163) Critical: seamonkey security update
2009-07-21 00:00:00
(RHSA-2009:0476) Important: pango security update
2009-05-08 00:00:00
centos
centos
firefox, xulrunner security update
2009-07-28 12:22:37
seamonkey security update
2009-07-22 22:37:56
evolution28, pango security update
2009-05-08 21:06:55
oraclelinux
oraclelinux
firefox security update
2009-07-22 00:00:00
seamonkey security update
2009-07-22 00:00:00
pango security update
2009-05-08 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12) — Mozilla
2009-07-21 00:00:00
Crash and remote code execution during Flash player unloading — Mozilla
2009-07-21 00:00:00
Multiple cross origin wrapper bypasses — Mozilla
2009-07-21 00:00:00
prion
prion
Design/Logic Flaw
2009-07-22 18:30:00
Design/Logic Flaw
2009-07-22 18:30:00
Cross site scripting
2009-07-22 18:30:00
nvd
nvd
CVE-2009-2467
2009-07-22 18:30:00
CVE-2009-2469
2009-07-22 18:30:00
CVE-2009-2472
2009-07-22 18:30:00
cve
cve
CVE-2009-2467
2009-07-22 18:30:00
CVE-2009-2466
2009-07-22 18:30:00
CVE-2009-2472
2009-07-22 18:30:00
cvelist
cvelist
CVE-2009-2467
2009-07-22 18:00:00
CVE-2009-2466
2009-07-22 18:00:00
CVE-2009-2464
2009-07-22 18:00:00
ubuntucve
ubuntucve
CVE-2009-2467
2009-07-22 00:00:00
CVE-2009-2472
2009-07-22 00:00:00
CVE-2009-2471
2009-07-22 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:36:32
Arbitrary Code Execution
2020-04-10 00:36:27
Denial Of Service (DoS)
2020-04-10 00:36:31
debiancve
debiancve
CVE-2009-1194
2009-05-11 15:30:00
CVE-2009-2463
2009-07-22 18:30:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox ConstructFrame With Floating First-letter Memory Corruption (CVE-2009-2462)
2010-05-31 00:00:00
Mozilla Firefox SVG Element Processing Memory Corruption (CVE-2009-2469)
2010-03-04 00:00:00
freebsd
freebsd
pango -- integer overflow
2009-02-22 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.903 High

EPSS

Percentile

98.8%

JSON
Related for SUSE_11_MOZILLAFIREFOX-090724.NASL
nessus33suse2openvas59fedora18osv1ubuntu2debian2seebug1securityvulns7redhat3centos3oraclelinux3mozilla5prion7nvd10cve10cvelist9ubuntucve10veracode9debiancve2checkpoint_advisories2freebsd1