Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
The web browser Mozilla Firefox has been brought to security update version 2.0.0.12.
The Firefox versions was upgraded to 2.0.0.12 on:
- SUSE Linux 10.1, openSUSE 10.2 and 10.3
- SUSE Linux Enterprise Server and Desktop 10
All Firefox fixes were also back ported to the Firefox 1.5.0.14 version in Novell Linux Desktop 9.
Also released were Mozilla Seamonkey Suite 1.8.1.12 packages for openSUSE 10.2 and 10.3. All Mozilla Seamonkey fixes were back ported to the SUSE Linux 10.1 seamonkey 1.8.0 version.
Following security problems were fixed:
- CVE-2008-0594 Web forgery overwrite with div overlay - CVE-2008-0593 URL token stealing via stylesheet redirect - CVE-2008-0592 Mishandling of locally-saved plain text files - CVE-2008-0591 File action dialog tampering
- CVE-2008-0419 Web browsing history and forward navigation stealing
- CVE-2008-0418 Directory traversal via chrome: URI - CVE-2008-0417 Stored password corruption
- CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution
- CVE-2008-0414 Multiple file input focus stealing vulnerabilities
- CVE-2008-0413 Crashes with evidence of
memory corruption (rv:1.8.1.12)
Affected
MozillaFirefox,seamonkey on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities