[Bug 840485] New: Firefox 24.0/17.0.9esr security release
https://bugzilla.novell.com/show_bug.cgi?id=840485

https://bugzilla.novell.com/show_bug.cgi?id=840485#c0

Summary: Firefox 24.0/17.0.9esr security release
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Firefox
AssignedTo: bnc-team-mozilla@forge.provo.novell.com
ReportedBy: wolfgang@rosenauer.org
QAContact: qa-bugs@suse.de
CC: security-team@suse.de
Found By: ---
Blocker: ---

2013-09-17 is the announced release date for the following Mozilla applications which contain security fixes (as always) (https://wiki.mozilla.org/Releases):

Firefox 24.0
Firefox 17.0.9esr
xulrunner 17.0.9esr
Seamonkey 2.21
Thunderbird 17.0.9esr
Thunderbird 24.0

(minimum NSPR 4.10 and NSS 3.15.1 requirements I think already met with last update round)

I'll provide updates for openSUSE distributions as usual with one exception where I'd like to get some feedback:

Thunderbird will do a big version update to 24.0 for non-esr versions. Since esr and non esr versions were 99,9% identical in the 17.0 series we have the choice to update to 17.0.9esr or 24.0 for released distributions which will only move the major upgrade around 12 weeks so I'm in favor to follow the big update now already.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=840485#c7
--- Comment #7 from Alexander Bergmann
Fixed in Firefox ESR 17.0.9
---------------------------

MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
 * (CVE-2013-1737)

MFSA 2013-90 Memory corruption involving scrolling
 * use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
 * Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)

MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
 * buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)

MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
 * compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)

MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
 * MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)

MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
 * ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open (CVE-2013-1725)

MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
 * Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)

MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
 * Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
 * Memory safety bugs fixed in Firefox 24.0 (CVE-2013-1719)

MFSA 2013-65 Buffer underflow when generating CRMF requests
 * ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
Fixed in Firefox 24
-------------------

MFSA 2013-92 GC hazard with default compartments and frame chain restoration
 * GC hazard with default compartments and frame chain restoration (CVE-2013-1738)

MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
 * (CVE-2013-1737)

MFSA 2013-90 Memory corruption involving scrolling
 * use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
 * Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)

MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
 * buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)

MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
 * compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)

MFSA 2013-87 Shared object library loading from writable location
 * Android looks for .so in public directory (CVE-2013-1731)

MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
 * Texture in Inspector's 3D View showing parts of the OS and other applications (CVE-2013-1729)

MFSA 2013-85 Uninitialized data in IonMonkey
 * valgrind errors in JS testsuite ("conditional jumps on uninitialized data") (CVE-2013-1728)

MFSA 2013-84 Same-origin bypass through symbolic links
 * Subverting Same-Origin Policy for Local Contents by Symbolic Link (CVE-2013-1727)

MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
 * MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)

MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
 * ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open (CVE-2013-1725)

MFSA 2013-81 Use-after-free with select element
 * Heap-use-after-free in mozilla::dom::HTMLFormElement::IsDefaultSubmitElement (CVE-2013-1724)

MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
 * NativeKey should not continue handling key message if widget is destroyed after dispatching event (CVE-2013-1723)

MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
 * Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)

MFSA 2013-78 Integer overflow in ANGLE library
 * ANGLE libGLESv2 Integer Overflow (CVE-2013-1721)

MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
 * Heap-buffer-overflow READ in nsHtml5TreeBuilder::resetTheInsertionMode() (CVE-2013-1720)

MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
 * Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
 * Memory safety bugs fixed in Firefox 24.0 (CVE-2013-1719)