SuSE Update For MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

Mozilla Firefox and Thunderbird were updated to fix several security issues: * CVE-2011-2365 Miscellaneous memory safety hazards * CVE-2011-2373 Use-after-free vulnerability when viewing XUL document with script disabled * CVE-2011-2377 Memory corruption due to multipart/x-mixed-replace images * CVE-2011-2371 Integer overflow and arbitrary code execution in Array.reduceRight() * CVE-2011-2363 Multiple dangling pointer vulnerabilities * CVE-2011-2362 Cookie isolation error * CVE-2011-2366 Stealing of cross-domain images using WebGL textures * CVE-2011-2368 Multiple WebGL crashes * CVE-2011-2369 XSS encoding hazard with inline SVG * CVE-2011-2370 Non-whitelisted site can trigger xpinstall

Affected

MozillaFirefox,MozillaThunderbird on openSUSE 11.3, openSUSE 11.4

References

http://www.suse.com/support/security/advisories/2011_28_firefox.html

Updated on 2015-03-25

Severity

Classification

CVE	CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2366, CVE-2011-2367, CVE-2011-2368, CVE-2011-2369, CVE-2011-2370, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376, CVE-2011-2377

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028

Take action and discover your vulnerabilities