Summary
The remote host is missing updates announced in
advisory SUSE-SA:2009:034.
Solution
Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:034
Insight
The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues:
* MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11) * MFSA 2009-25/CVE-2009-1834 (bmo#479413)
URL spoofing with invalid unicode characters
* MFSA 2009-26/CVE-2009-1835 (bmo#491801)
Arbitrary domain cookie access by local file: resources * MFSA 2009-27/CVE-2009-1836 (bmo#479880)
SSL tampering via non-200 responses to proxy CONNECT requests * MFSA 2009-28/CVE-2009-1837 (bmo#486269)
Race condition while accessing the private data of a NPObject JS wrapper class object
* MFSA 2009-29/CVE-2009-1838 (bmo#489131)
Arbitrary code execution using event listeners attached to an element whose owner document is null
* MFSA 2009-30/CVE-2009-1839 (bmo#479943)
Incorrect principal set for file: resources loaded via location bar
* MFSA 2009-31/CVE-2009-1840 (bmo#477979)
XUL scripts bypass content-policy checks
* MFSA 2009-32/CVE-2009-1841 (bmo#479560)
JavaScript chrome privilege escalation
Severity
Classification
-
CVE CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities