Summary
The remote host is missing updates announced in advisory SUSE-SA:2009:063.
Solution
Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:063
Insight
The Mozilla Firefox browsers and XUL engines were updated to the current stable releases, fixing many bugs and various security issues.
SUSE Linux Enterprise 10 SP2, SP3, SUSE Linux Enterprise 11 and openSUSE 11.2 were updated to Firefox 3.5.6.
openSUSE 11.0 and 11.1 were updated to Firefox 3.0.16.
The following security issues were fixed:
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
  Crashes with evidence of memory corruption (rv:1.9.1.6)
  CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
  Memory safety fixes in liboggplay media library
  CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
  Integer overflow, crash in libtheora video library
  CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
  NTLM reflection vulnerability
  CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
  Location bar spoofing vulnerabilities
  CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
* MFSA 2009-70/CVE-2009-3986 (bmo#522430)
  Privilege escalation via chrome window.opener
  CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Severity
Classification
CVE: CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986
CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)