openSUSE 安全更新:MozillaFirefox (openSUSE-SU-2012:1065-1)

critical Nessus 插件 ID 74729

简介

远程 openSUSE 主机缺少安全更新。

描述

Mozilla Firefox、Thunderbird、xulrunner、seamonkey 15.0 更新 (bnc#777588)

- MFSA 2012-57/CVE-2012-1970 多项内存安全危害

- MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-20 12-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/ CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/ CVE-2012-3964 使用地址审查器时发现释放后使用问题

- MFSA 2012-59/CVE-2012-1956 (bmo#756719) 可以使用 Object.defineProperty 遮蔽位置对象

- MFSA 2012-60/CVE-2012-3965 (bmo#769108) 通过 about:newtab 实现权限升级

- MFSA 2012-61/CVE-2012-3966(bmo#775794、bmo#775793)高度为负的位图格式图像导致内存损坏

- MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL 释放后使用错误和内存损坏

- MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG 缓冲区溢出和释放后使用问题

- MFSA 2012-64/CVE-2012-3971 Graphite 2 内存损坏

- MFSA 2012-65/CVE-2012-3972 (bmo#746855) XSLT 中 format-number 中存在越界读取

- MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor 扩展允许无显式激活的远程调试

- MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser 在解析 text/html 时在扩展中加载链接资源

- MFSA 2012-69/CVE-2012-3976 (bmo#768568) 站点 SSL 证书数据显示不正确

- MFSA 2012-70/CVE-2012-3978 (bmo#770429) 位置对象安全检查被 chrome 代码绕过

- MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web 控制台 eval 能够执行具有 chrome 权限的代码

- 修复了启用 GStreamer 时发生的 HTML5 视频崩溃问题 (bmo#761030)

- GStreamer 仅用于 MP4(无 WebM、OGG)

- 更新了文件列表

- 将浏览器特定的首选项移动到正确位置

解决方案

更新受影响的 MozillaFirefox 程序包。

另见

https://bugzilla.novell.com/show_bug.cgi?id=777588

https://lists.opensuse.org/opensuse-updates/2012-08/msg00045.html

插件详情

严重性: Critical

ID: 74729

文件名: openSUSE-2012-538.nasl

版本: 1.4

类型: local

代理: unix

发布时间: 2014/6/13

最近更新时间: 2021/1/19

支持的传感器: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: Critical

基本分数: 10

矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

漏洞信息

CPE: p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols, p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.2

必需的 KB 项: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

补丁发布日期: 2012/8/29

参考资料信息

CVE: CVE-2012-1956, CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980