Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
The web browser Mozilla Firefox was brought to security update version 2.0.0.13.
Following security problems were fixed:
- CVE-2008-1241: XUL pop-up spoofing variant (cross-tab popups)
- CVE-2008-1240: Java socket connection
to any local port via LiveConnect
- CVE-2007-4879: Privacy issue with SSL Client
Authentication
- CVE-2008-1238: HTTP Referrer spoofing with malformed URLs
- CVE-2008-1237: Crashes with evidence
of memory corruption (rv:1.8.1.13)
- CVE-2008-1235:
JavaScript privilege escalation and arbitrary code execution.
On Novell Linux Desktop 9 the fixes were back ported to the Firefox 1.5.0.14 version.
seamonkey, mozilla-xulrunner and likely Thunderbird updates will follow in the next days.
Affected
MozillaFirefox on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-4879, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities