[Bug 720264] New: Firefox 7 / 3.6.23 and other Mozilla apps
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c0 Summary: Firefox 7 / 3.6.23 and other Mozilla apps Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Firefox AssignedTo: security-team@suse.de ReportedBy: wolfgang@rosenauer.org QAContact: qa@suse.de Found By: --- Blocker: --- Regular Mozilla update round including security maintenance releases: (planned release 2011-09-27) Firefox 7 Firefox 3.6.23 / xulrunner 1.9.2.23 Thunderbird 3.1.15 Thunderbird 7 Seamonkey 2.4 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Firefox 7 / 3.6.23 and |VUL-0: Firefox 7 / 3.6.23 |other Mozilla apps |and other Mozilla apps -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c1 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:43416:importa | |nt --- Comment #1 from Swamp Workflow Management <swamp@suse.de> 2011-09-26 08:54:20 UTC --- The SWAMPID for this issue is 43416. This issue was rated as important. Please submit fixed packages until 2011-10-03. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c2 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny@suse.com --- Comment #2 from Marcus Meissner <meissner@suse.com> 2011-09-27 20:30:17 UTC --- *** Bug 720686 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=720686 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c3 --- Comment #3 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2011-09-28 05:15:31 UTC --- Everything is basically prepared. I was waiting the whole yesterday for their official security announcement to add it to the changelogs but nothing there still. I'm going to submitreq the updates. In case the announcement shows up soon we can supersede them but for now I'll submit w/o proper MFSA/CVE information. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c4 --- Comment #4 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-09-28 08:00:22 CEST --- This is an autogenerated message for OBS integration: This bug (720264) was mentioned in https://build.opensuse.org/request/show/85234 Evergreen:11.1 / mozilla-xulrunner192 https://build.opensuse.org/request/show/85235 Evergreen:11.1 / MozillaFirefox https://build.opensuse.org/request/show/85236 Evergreen:11.2 / MozillaFirefox https://build.opensuse.org/request/show/85237 Evergreen:11.2 / mozilla-xulrunner192 https://build.opensuse.org/request/show/85238 Evergreen:11.2 / MozillaThunderbird https://build.opensuse.org/request/show/85239 Evergreen:11.1 / MozillaThunderbird https://build.opensuse.org/request/show/85240 Evergreen:11.2 / seamonkey https://build.opensuse.org/request/show/85241 11.3 / MozillaThunderbird https://build.opensuse.org/request/show/85242 11.4 / MozillaThunderbird https://build.opensuse.org/request/show/85243 11.3 / mozilla-xulrunner192 https://build.opensuse.org/request/show/85244 11.4 / mozilla-xulrunner192 https://build.opensuse.org/request/show/85245 11.3 / MozillaFirefox https://build.opensuse.org/request/show/85246 11.4 / MozillaFirefox https://build.opensuse.org/request/show/85247 11.4 / seamonkey https://build.opensuse.org/request/show/85248 11.3 / seamonkey -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c5 --- Comment #5 from Marcus Meissner <meissner@suse.com> 2011-09-28 09:10:12 UTC --- still no official info on http://www.mozilla.org/security/announce/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c6 --- Comment #6 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-09-28 12:00:26 CEST --- This is an autogenerated message for OBS integration: This bug (720264) was mentioned in https://build.opensuse.org/request/show/85278 Factory / mozilla-xulrunner192 https://build.opensuse.org/request/show/85279 Factory / seamonkey https://build.opensuse.org/request/show/85280 Factory / xulrunner https://build.opensuse.org/request/show/85281 Factory / MozillaFirefox https://build.opensuse.org/request/show/85282 Factory / MozillaThunderbird -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c7 --- Comment #7 from Marcus Meissner <meissner@suse.com> 2011-09-28 11:36:15 UTC --- official info now there. lets paste ... MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled,, but are potentially a risk in browser or browser-like contexts in those products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only. (CVE-2011-2996) Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous reported memory safety problems that affected Firefox 6, fixed in Firefox 7. (CVE-2011-2997) MFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. (no CVE yet) MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Mariusz also reported a similar flaw with manual plugin installation using the PLUGINSPAGE attribute. It was possible to create an internal error that suppressed a confirmation dialog, such that holding enter would lead to the installation of an arbitrary add-on. (This variant did not affect Firefox 3.6) Holding enter allows arbitrary code execution due to Download Manager (CVE-2011-2372) Holding enter allows arbitrary extension installation (CVE-2011-3001) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c8 --- Comment #8 from Marcus Meissner <meissner@suse.com> 2011-09-28 11:44:10 UTC --- MFSA 2011-41: Michael Jordon of Context IS reported that in the ANGLE library used by WebGL the return value from GrowAtomTable() was not checked for errors. If an attacker could cause requests that exceeded the available memeory those would fail and potentially lead to a buffer overrun as subsequent code wrote into the non-allocated space. (CVE-2011-3002) Ben Hawkes of the Google Security Team reported a WebGL test case that demonstrated an out of bounds write after an allocation failed. (CVE-2011-3003) MFSA 2011-42: Security researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript. (CVE-2011-3232) MFSA 2011-43: David Rees reported that the JSSubScriptLoader (a feature used by some add-ons) was "unwrapping" XPCNativeWrappers when they were used as the scope parameter to loadSubScript(). Without the protection of the wrappers the add-on could be vulnerable to privilege escalation attacks from malicious web content. Whether any given add-on were vulnerable would depend on how the add-on used the feature and whether it interacted directly with web content, but we did find at least one vulnerable add-on and presumer there are more. (CVE-2011-3004) The unwrapping behavior was a change introduced during Firefox 4 development. Firefox 3.6 and earlier versions are not affected. MFSA 2011-44: sczimmer reported that Firefox crashed when loading a particular .ogg file. This was due to a use-after-free condition and could potentially be exploited to install malware. (CVE-2011-3005) This vulnerability does not affect Firefox 3.6 or earlier. MFSA 2011-45: University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c9 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High AssignedTo|security-team@suse.de |pcerny@suse.com --- Comment #9 from Marcus Meissner <meissner@suse.com> 2011-09-28 13:17:37 UTC --- next steps are for Petr -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c10 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt | |maint:released:11.3:43438 | |maint:released:11.4:43438 --- Comment #10 from Swamp Workflow Management <swamp@suse.de> 2011-09-29 08:34:45 UTC --- Update released for: seamonkey, seamonkey-debuginfo, seamonkey-debugsource, seamonkey-dom-inspector, seamonkey-irc, seamonkey-translations-common, seamonkey-translations-other, seamonkey-venkman Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c11 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.3:43438 |maint:released:11.4:43440 |maint:released:11.4:43438 | --- Comment #11 from Swamp Workflow Management <swamp@suse.de> 2011-09-29 08:35:25 UTC --- Update released for: mozilla-js192, mozilla-js192-debuginfo, mozilla-xulrunner192, mozilla-xulrunner192-buildsymbols, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-devel-debuginfo, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-debuginfo, mozilla-xulrunner192-translations-common, mozilla-xulrunner192-translations-other Products: openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c12 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 | |maint:released:11.4:43435 --- Comment #12 from Swamp Workflow Management <swamp@suse.de> 2011-09-29 09:02:06 UTC --- Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-buildsymbols, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations-common, MozillaFirefox-translations-other Products: openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c Petr Cerny <pcerny@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c13 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 | |maint:released:11.3:43437 --- Comment #13 from Swamp Workflow Management <swamp@suse.de> 2011-09-29 10:18:41 UTC --- Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations-common, MozillaFirefox-translations-other, mozilla-js192, mozilla-js192-debuginfo, mozilla-xulrunner192, mozilla-xulrunner192-buildsymbols, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-devel-debuginfo, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-debuginfo, mozilla-xulrunner192-translations-common, mozilla-xulrunner192-translations-other Products: openSUSE 11.3 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c14 --- Comment #14 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-09-29 15:00:10 CEST --- This is an autogenerated message for OBS integration: This bug (720264) was mentioned in https://build.opensuse.org/request/show/85441 Evergreen:11.1 / MozillaThunderbird https://build.opensuse.org/request/show/85442 Evergreen:11.1 / mozilla-xulrunner192 https://build.opensuse.org/request/show/85443 Evergreen:11.1 / MozillaFirefox -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c16 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 | |maint:released:11.3:43439 | |maint:released:11.4:43439 --- Comment #16 from Swamp Workflow Management <swamp@suse.de> 2011-10-04 09:19:49 UTC --- Update released for: MozillaThunderbird, MozillaThunderbird-buildsymbols, MozillaThunderbird-debuginfo, MozillaThunderbird-debugsource, MozillaThunderbird-devel, MozillaThunderbird-devel-debuginfo, MozillaThunderbird-translations-common, MozillaThunderbird-translations-other, enigmail, enigmail-debuginfo Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c17 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 | |maint:released:sle10-sp4:43 | |489 --- Comment #17 from Swamp Workflow Management <swamp@suse.de> 2011-10-05 16:51:05 UTC --- Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-64bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-64bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-64bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c18 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 |maint:released:sle10-sp4:43 |maint:released:sle10-sp4:43 |489 |489 | |maint:released:sle10-sp3:43 | |488 --- Comment #18 from Swamp Workflow Management <swamp@suse.de> 2011-10-05 18:11:55 UTC --- Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-64bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-64bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-64bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c19 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 |maint:released:sle10-sp4:43 |maint:released:sle10-sp4:43 |489 |489 |maint:released:sle10-sp3:43 |maint:released:sle10-sp3:43 |488 |488 | |maint:released:sle11-sp1:43 | |487 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> 2011-10-05 18:45:01 UTC --- Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debuginfo-32bit, mozilla-xulrunner192-debuginfo-x86, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c20 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 |maint:released:sle10-sp4:43 |maint:released:sle10-sp4:43 |489 |489 |maint:released:sle10-sp3:43 |maint:released:sle10-sp3:43 |488 |488 |maint:released:sle11-sp1:43 |maint:released:sle11-sp1:43 |487 |487 Status Whiteboard| |maint:released:11.4:43517 --- Comment #20 from Swamp Workflow Management <swamp@suse.de> 2011-10-14 09:40:21 UTC --- Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-buildsymbols, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations-common, MozillaFirefox-translations-other Products: openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c21 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:running:43416:importa |nt |nt |maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 |maint:released:sle10-sp4:43 |maint:released:sle10-sp4:43 |489 |489 |maint:released:sle10-sp3:43 |maint:released:sle10-sp3:43 |488 |488 |maint:released:sle11-sp1:43 |maint:released:sle11-sp1:43 |487 |487 Status Whiteboard|maint:released:11.4:43517 |maint:released:11.3:43518 | |maint:released:11.4:43518 --- Comment #21 from Swamp Workflow Management <swamp@suse.de> 2011-10-14 09:40:54 UTC --- Update released for: seamonkey, seamonkey-debuginfo, seamonkey-debugsource, seamonkey-dom-inspector, seamonkey-irc, seamonkey-translations-common, seamonkey-translations-other, seamonkey-venkman Products: openSUSE 11.3 (debug, i586, x86_64) openSUSE 11.4 (debug, i586, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c22 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #22 from Marcus Meissner <meissner@suse.com> 2011-10-17 07:38:05 UTC --- all done I think. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:43416:importa |maint:released:11.4:43440 |nt |maint:released:11.4:43435 |maint:released:11.4:43440 |maint:released:11.3:43437 |maint:released:11.4:43435 |maint:released:11.3:43439 |maint:released:11.3:43437 |maint:released:11.4:43439 |maint:released:11.3:43439 |maint:released:sle10-sp4:43 |maint:released:11.4:43439 |489 |maint:released:sle10-sp4:43 |maint:released:sle10-sp3:43 |489 |488 |maint:released:sle10-sp3:43 |maint:released:sle11-sp1:43 |488 |487 |maint:released:sle11-sp1:43 |maint:released:11.3:43518 |487 | Status Whiteboard|maint:released:11.3:43518 |maint:released:11.4:43518 |maint:released:11.4:43518 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 |maint:released:sle10-sp4:43 |maint:released:sle10-sp4:43 |489 |489 |maint:released:sle10-sp3:43 |maint:released:sle10-sp3:43 |488 |488 |maint:released:sle11-sp1:43 |maint:released:sle11-sp1:43 |487 |487 |maint:released:11.3:43518 |maint:released:11.3:43518 Status Whiteboard|maint:released:11.4:43518 |maint:released:11.4:43518 | |obs:running:478:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c23 --- Comment #23 from Swamp Workflow Management <swamp@suse.de> 2012-04-27 13:08:54 UTC --- openSUSE-SU-2012:0567-1: An update that fixes 38 vulnerabilities is now available. Category: security (moderate) Bug References: 712224,714931,720264,726758,728520,732898,733002,744275,746616,747328,749440,750044,755060,758408 CVE References: CVE-2011-1187,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3005,CVE-2011-3062,CVE-2011-3232,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0451,CVE-2012-0452,CVE-2012-0459,CVE-2012-0460,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479 Sources used: openSUSE 12.1 (src): MozillaFirefox-12.0-2.26.1, MozillaThunderbird-12.0-33.20.1, seamonkey-2.9-2.18.1, xulrunner-12.0-2.26.1 openSUSE 11.4 (src): MozillaFirefox-12.0-18.1, MozillaThunderbird-12.0-18.1, seamonkey-2.9-18.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=720264 https://bugzilla.novell.com/show_bug.cgi?id=720264#c24 --- Comment #24 from Swamp Workflow Management <swamp@suse.de> 2014-09-09 16:14:57 UTC --- openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available. Category: security (important) Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370 CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1 212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2 011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967, CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012- 5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE- 2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502 ,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567 Sources used: openSUSE 11.4 (src): MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=720264 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:released:11.4:43440 |maint:released:11.4:43440 |maint:released:11.4:43435 |maint:released:11.4:43435 |maint:released:11.3:43437 |maint:released:11.3:43437 |maint:released:11.3:43439 |maint:released:11.3:43439 |maint:released:11.4:43439 |maint:released:11.4:43439 |maint:released:sle10-sp4:43 |maint:released:sle10-sp4:43 |489 |489 |maint:released:sle10-sp3:43 |maint:released:sle10-sp3:43 |488 |488 |maint:released:sle11-sp1:43 |maint:released:sle11-sp1:43 |487 |487 |maint:released:11.3:43518 |maint:released:11.3:43518 |maint:released:11.4:43518 |maint:released:11.4:43518 |obs:running:478:moderate | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com