Mailinglist Archive: opensuse-security-announce (31 mails)

< Previous Next >
[security-announce] openSUSE-SU-2012:0234-1: important: MozillaFirefox: Version 10
openSUSE Security Update: MozillaFirefox: Version 10
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0234-1
Rating: important
References: #744275
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that contains security fixes can now be
installed. It includes 5 new package versions.

Description:

Mozilla Firefox was updated to version 10 to fix bugs and
security issues.

MFSA 2012-01: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.

In general these flaws cannot be exploited through email in
the Thunderbird and SeaMonkey products because scripting is
disabled, but are potentially a risk in browser or
browser-like contexts in those products. References

CVE-2012-0443: Ben Hawkes, Christian Holler, Honza Bombas,
Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der
Beken, and Bill McCloskey reported memory safety problems
that were fixed in Firefox 10.

CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory
safety problems that were fixed in both Firefox 10 and
Firefox 3.6.26.


MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox
has been generous in its interpretation of web addresses
containing square brackets around the host. If this host
was not a valid IPv6 literal address, Firefox attempted to
interpret the host as a regular domain name. Gregory
Fleischer reported that requests made using IPv6 syntax
using XMLHttpRequest objects through a proxy may generate
errors depending on proxy configuration for IPv6. The
resulting error messages from the proxy may disclose
sensitive data because Same-Origin Policy (SOP) will allow
the XMLHttpRequest object to read these error messages,
allowing user privacy to be eroded. Firefox now enforces
RFC 3986 IPv6 literal syntax and that may break links
written using the non-standard Firefox-only forms that were
previously accepted.

This was fixed previously for Firefox 7.0, Thunderbird 7.0,
and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and
Thunderbird 3.1.18 during 2012.


MFSA 2012-03/CVE-2012-0445: Alex Dvorov reported that an
attacker could replace a sub-frame in another domain's
document by using the name attribute of the sub-frame as a
form submission target. This can potentially allow for
phishing attacks against users and violates the HTML5 frame
navigation policy.

Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability


MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative that
removed child nodes of nsDOMAttribute can be accessed under
certain circumstances because of a premature notification
of AttributeChildRemoved. This use-after-free of the child
nodes could possibly allow for for remote code execution.

MFSA 2012-05/CVE-2012-0446: Mozilla security researcher
moz_bug_r_a4 reported that frame scripts bypass XPConnect
security checks when calling untrusted objects. This allows
for cross-site scripting (XSS) attacks through web pages
and Firefox extensions. The fix enables the Script Security
Manager (SSM) to force security checks on all frame scripts.

Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability


MFSA 2012-06/CVE-2012-0447: Mozilla developer Tim Abraldes
reported that when encoding images as
image/vnd.microsoft.icon the resulting data was always a
fixed size, with uninitialized memory appended as padding
beyond the size of the actual image. This is the result of
mImageBufferSize in the encoder being initialized with a
value different than the size of the source image. There is
the possibility of sensitive data from uninitialized memory
being appended to a PNG image when converted fron an ICO
format image. This sensitive data may then be disclosed in
the resulting image.

Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability


MFSA 2012-07/CVE-2012-0444: Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative the
possibility of memory corruption during the decoding of Ogg
Vorbis files. This can cause a crash during decoding and
has the potential for remote code execution.


MFSA 2012-08/CVE-2012-0449: Security researchers Nicolas
Gregoire and Aki Helin independently reported that when
processing a malformed embedded XSLT stylesheet, Firefox
can crash due to a memory corruption. While there is no
evidence that this is directly exploitable, there is a
possibility of remote code execution.

MFSA 2012-09/CVE-2012-0450: magicant starmen reported that
if a user chooses to export their Firefox Sync key the
"Firefox Recovery Key.html" file is saved with incorrect
permissions, making the file contents potentially readable
by other users on Linux and OS X systems.

Firefox 3.6 is not affected by this vulnerability.


Special Instructions and Notes:

Please reboot the system after installing this update.This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application. This
update triggers a restart of the software management stack.
More updates will be available for installation after
applying this update and restarting the application.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch MozillaFirefox-5750 MozillaThunderbird-5751
mozilla-js192-5749 seamonkey-5768

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.26,10.0,2.7 and 3.1.18]:

MozillaFirefox-10.0-0.2.1
MozillaFirefox-branding-upstream-10.0-0.2.1
MozillaFirefox-buildsymbols-10.0-0.2.1
MozillaFirefox-devel-10.0-0.2.1
MozillaFirefox-translations-common-10.0-0.2.1
MozillaFirefox-translations-other-10.0-0.2.1
MozillaThunderbird-3.1.18-0.23.1
MozillaThunderbird-buildsymbols-3.1.18-0.23.1
MozillaThunderbird-devel-3.1.18-0.23.1
MozillaThunderbird-translations-common-3.1.18-0.23.1
MozillaThunderbird-translations-other-3.1.18-0.23.1
enigmail-1.1.2+3.1.18-0.23.1
mozilla-js192-1.9.2.26-0.2.1
mozilla-xulrunner192-1.9.2.26-0.2.1
mozilla-xulrunner192-buildsymbols-1.9.2.26-0.2.1
mozilla-xulrunner192-devel-1.9.2.26-0.2.1
mozilla-xulrunner192-gnome-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-common-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-other-1.9.2.26-0.2.1
seamonkey-2.7-0.2.1
seamonkey-dom-inspector-2.7-0.2.1
seamonkey-irc-2.7-0.2.1
seamonkey-translations-common-2.7-0.2.1
seamonkey-translations-other-2.7-0.2.1
seamonkey-venkman-2.7-0.2.1

- openSUSE 11.4 (x86_64) [New Version: 1.9.2.26]:

mozilla-js192-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-gnome-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-common-32bit-1.9.2.26-0.2.1
mozilla-xulrunner192-translations-other-32bit-1.9.2.26-0.2.1


References:

https://bugzilla.novell.com/744275

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages