Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2011:5224

Overview

Id SUSE-2011:5224
Name Novell SUSE 2011:5224 MozillaFirefox security update for SLE 11 SP1 i586
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 04 Oct 2011 12:00:00

SUSE-2011:5224

Novell SUSE 2011:5224 MozillaFirefox security update for SLE 11 SP1 i586

Vendor Name

novell

Product

None

Released On

04 Oct 2011 12:00:00

Url

http://support.novell.com

Description

LSAC(v2)
Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. * MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled,, but are potentially a risk in browser or browser-like contexts in those products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only. (CVE-2011-2996) * MFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. (no CVE yet) * MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) * MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) * MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Holding enter a

Related Resources

Related Vulnerabilities

CVE-2011-2995   CVE-2011-2996   CVE-2011-2999   CVE-2011-3000   CVE-2011-2372  

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:12:38