SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1153-1 Rating: important References: #825935 Cross-References: CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. It includes two new package versions. Description: Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security issues. * MFSA 2013-49: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) * MFSA 2013-50: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. o Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITable (CVE-2013-1684) o Heap-use-after-free in nsIDocument::GetRootElement (CVE-2013-1685) o Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686) * MFSA 2013-51 / CVE-2013-1687: Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. * MFSA 2013-53 / CVE-2013-1690: Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. * MFSA 2013-54 / CVE-2013-1692: Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. * MFSA 2013-55 / CVE-2013-1693: Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. * MFSA 2013-59 / CVE-2013-1697: Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. Security Issue references: * CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
* CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
* CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
* CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
* CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
* CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
* CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
* CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
* CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-firefox-20130628-7976 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-firefox-20130628-7976 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-firefox-20130628-7977 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-20130628-7977 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-firefox-20130628-7976 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-branding-SLED-7-0.6.9.31 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 17.0.7esr and 7]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-branding-SLED-7-0.6.9.31 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 17.0.7esr and 7]: MozillaFirefox-17.0.7esr-0.6.1 MozillaFirefox-branding-SLED-7-0.10.28 MozillaFirefox-translations-17.0.7esr-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.7esr]: MozillaFirefox-17.0.7esr-0.3.1 MozillaFirefox-branding-SLED-7-0.6.9.31 MozillaFirefox-translations-17.0.7esr-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 17.0.7esr and 7]: MozillaFirefox-17.0.7esr-0.6.1 MozillaFirefox-branding-SLED-7-0.10.28 MozillaFirefox-translations-17.0.7esr-0.6.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-17.0.7esr-0.6.1 References: http://support.novell.com/security/cve/CVE-2013-1682.html http://support.novell.com/security/cve/CVE-2013-1684.html http://support.novell.com/security/cve/CVE-2013-1685.html http://support.novell.com/security/cve/CVE-2013-1686.html http://support.novell.com/security/cve/CVE-2013-1687.html http://support.novell.com/security/cve/CVE-2013-1690.html http://support.novell.com/security/cve/CVE-2013-1692.html http://support.novell.com/security/cve/CVE-2013-1693.html http://support.novell.com/security/cve/CVE-2013-1697.html https://bugzilla.novell.com/825935 http://download.novell.com/patch/finder/?keywords=061026413fe3bb69a7f42e0b70... http://download.novell.com/patch/finder/?keywords=1133af3aaf996a7684d227efbb... http://download.novell.com/patch/finder/?keywords=7d0f6003f49140e3d5ad8c675f... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org