CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.2%
Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues.
The following security issues have been fixed :
Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159)
Security researcher Orlando Barrera II reported via TippingPointâs Zero Day Initiative that Mozillaâs implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victimâs computer. (MFSA 2010-02 / CVE-2010-0160)
Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
(MFSA 2010-03 / CVE-2009-1571)
Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988)
An anonymous security researcher, via TippingPointâs Zero Day Initiative, also independently reported this issue to Mozilla.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(44907);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-1571", "CVE-2009-3988", "CVE-2010-0159", "CVE-2010-0160", "CVE-2010-0162");
script_name(english:"SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and
security issues.
The following security issues have been fixed :
- Mozilla developers identified and fixed several
stability bugs in the browser engine used in Firefox and
other Mozilla-based products. Some of these crashes
showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code. (MFSA 2010-01 / CVE-2010-0159)
- Security researcher Orlando Barrera II reported via
TippingPoint's Zero Day Initiative that Mozilla's
implementation of Web Workers contained an error in its
handling of array data types when processing posted
messages. This error could be used by an attacker to
corrupt heap memory and crash the browser, potentially
running arbitrary code on a victim's computer. (MFSA
2010-02 / CVE-2010-0160)
- Security researcher Alin Rad Pop of Secunia Research
reported that the HTML parser incorrectly freed used
memory when insufficient space was available to process
remaining input. Under such circumstances, memory
occupied by in-use objects was freed and could later be
filled with attacker-controlled text. These conditions
could result in the execution or arbitrary code if
methods on the freed objects were subsequently called.
(MFSA 2010-03 / CVE-2009-1571)
- Security researcher Hidetake Jo of Microsoft
Vulnerability Research reported that the properties set
on an object passed to showModalDialog were readable by
the document contained in the dialog, even when the
document was from a different domain. This is a
violation of the same-origin policy and could result in
a website running untrusted JavaScript if it assumed the
dialogArguments could not be initialized by another
site. (MFSA 2010-04 / CVE-2009-3988)
An anonymous security researcher, via TippingPoint's Zero Day
Initiative, also independently reported this issue to Mozilla.
- Mozilla security researcher Georgi Guninski reported
that when a SVG document which is served with
Content-Type: application/octet-stream is embedded into
another document via an embed tag with
type='image/svg+xml', the Content-Type is ignored and
the SVG document is processed normally. A website which
allows arbitrary binary data to be uploaded but which
relies on Content-Type: application/octet-stream to
prevent script execution could have such protection
bypassed. An attacker could upload a SVG document
containing JavaScript as a binary file to a website,
embed the SVG document into a malicous page on another
site, and gain access to the script environment from the
SVG-serving site, bypassing the same-origin policy.
(MFSA 2010-05 / CVE-2010-0162)"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-01.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-02.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-03.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-04.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.mozilla.org/security/announce/2010/mfsa2010-05.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=576969"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2009-1571.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2009-3988.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0159.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0160.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0162.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2025.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(79, 94, 264, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/02/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"MozillaFirefox-3.5.8-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"MozillaFirefox-translations-3.5.8-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"MozillaFirefox-3.5.8-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"MozillaFirefox-translations-3.5.8-0.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"MozillaFirefox-3.5.8-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"MozillaFirefox-translations-3.5.8-0.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-translations-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.8-1.1.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.8-1.1.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozillafirefox |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozillafirefox-translations |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191 |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit |
novell | suse_linux | 11 | cpe:/o:novell:suse_linux:11 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162
support.novell.com/security/cve/CVE-2009-1571.html
support.novell.com/security/cve/CVE-2009-3988.html
support.novell.com/security/cve/CVE-2010-0159.html
support.novell.com/security/cve/CVE-2010-0160.html
support.novell.com/security/cve/CVE-2010-0162.html
www.mozilla.org/security/announce/2010/mfsa2010-01.html
www.mozilla.org/security/announce/2010/mfsa2010-02.html
www.mozilla.org/security/announce/2010/mfsa2010-03.html
www.mozilla.org/security/announce/2010/mfsa2010-04.html
www.mozilla.org/security/announce/2010/mfsa2010-05.html
bugzilla.novell.com/show_bug.cgi?id=576969