openSUSE Security Update: MozillaFirefox: update to Firefox 16.0.1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1345-1 Rating: important References: #783533 Cross-References: CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 Affected Products: openSUSE 12.2 openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: The Mozilla suite received following security updates (bnc#783533): Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-709 - openSUSE 12.1: zypper in -t patch openSUSE-2012-709 - openSUSE 11.4: zypper in -t patch openSUSE-2012-709 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): MozillaFirefox-16.0.1-2.17.1 MozillaFirefox-branding-upstream-16.0.1-2.17.1 MozillaFirefox-buildsymbols-16.0.1-2.17.1 MozillaFirefox-debuginfo-16.0.1-2.17.1 MozillaFirefox-debugsource-16.0.1-2.17.1 MozillaFirefox-devel-16.0.1-2.17.1 MozillaFirefox-translations-common-16.0.1-2.17.1 MozillaFirefox-translations-other-16.0.1-2.17.1 MozillaThunderbird-16.0.1-49.15.1 MozillaThunderbird-buildsymbols-16.0.1-49.15.1 MozillaThunderbird-debuginfo-16.0.1-49.15.1 MozillaThunderbird-debugsource-16.0.1-49.15.1 MozillaThunderbird-devel-16.0.1-49.15.1 MozillaThunderbird-devel-debuginfo-16.0.1-49.15.1 MozillaThunderbird-translations-common-16.0.1-49.15.1 MozillaThunderbird-translations-other-16.0.1-49.15.1 enigmail-1.4.5.+16.0.1-49.15.1 enigmail-debuginfo-1.4.5.+16.0.1-49.15.1 mozilla-js-16.0.1-2.14.1 mozilla-js-debuginfo-16.0.1-2.14.1 mozilla-kde4-integration-0.6.4-10.4.1 mozilla-kde4-integration-debuginfo-0.6.4-10.4.1 mozilla-kde4-integration-debugsource-0.6.4-10.4.1 seamonkey-2.13.1-2.18.1 seamonkey-debuginfo-2.13.1-2.18.1 seamonkey-debugsource-2.13.1-2.18.1 seamonkey-dom-inspector-2.13.1-2.18.1 seamonkey-irc-2.13.1-2.18.1 seamonkey-translations-common-2.13.1-2.18.1 seamonkey-translations-other-2.13.1-2.18.1 seamonkey-venkman-2.13.1-2.18.1 xulrunner-16.0.1-2.14.1 xulrunner-buildsymbols-16.0.1-2.14.1 xulrunner-debuginfo-16.0.1-2.14.1 xulrunner-debugsource-16.0.1-2.14.1 xulrunner-devel-16.0.1-2.14.1 xulrunner-devel-debuginfo-16.0.1-2.14.1 - openSUSE 12.2 (x86_64): mozilla-js-32bit-16.0.1-2.14.1 mozilla-js-debuginfo-32bit-16.0.1-2.14.1 xulrunner-32bit-16.0.1-2.14.1 xulrunner-debuginfo-32bit-16.0.1-2.14.1 - openSUSE 12.1 (i586 x86_64): MozillaFirefox-16.0.1-2.46.1 MozillaFirefox-branding-upstream-16.0.1-2.46.1 MozillaFirefox-buildsymbols-16.0.1-2.46.1 MozillaFirefox-debuginfo-16.0.1-2.46.1 MozillaFirefox-debugsource-16.0.1-2.46.1 MozillaFirefox-devel-16.0.1-2.46.1 MozillaFirefox-translations-common-16.0.1-2.46.1 MozillaFirefox-translations-other-16.0.1-2.46.1 MozillaThunderbird-16.0.1-33.35.1 MozillaThunderbird-buildsymbols-16.0.1-33.35.1 MozillaThunderbird-debuginfo-16.0.1-33.35.1 MozillaThunderbird-debugsource-16.0.1-33.35.1 MozillaThunderbird-devel-16.0.1-33.35.1 MozillaThunderbird-devel-debuginfo-16.0.1-33.35.1 MozillaThunderbird-translations-common-16.0.1-33.35.1 MozillaThunderbird-translations-other-16.0.1-33.35.1 enigmail-1.4.5.+16.0.1-33.35.1 enigmail-debuginfo-1.4.5.+16.0.1-33.35.1 mozilla-js-16.0.1-2.41.1 mozilla-js-debuginfo-16.0.1-2.41.1 mozilla-kde4-integration-0.6.4-6.4.1 mozilla-kde4-integration-debuginfo-0.6.4-6.4.1 mozilla-kde4-integration-debugsource-0.6.4-6.4.1 seamonkey-2.13.1-2.37.1 seamonkey-debuginfo-2.13.1-2.37.1 seamonkey-debugsource-2.13.1-2.37.1 seamonkey-dom-inspector-2.13.1-2.37.1 seamonkey-irc-2.13.1-2.37.1 seamonkey-translations-common-2.13.1-2.37.1 seamonkey-translations-other-2.13.1-2.37.1 seamonkey-venkman-2.13.1-2.37.1 xulrunner-16.0.1-2.41.1 xulrunner-buildsymbols-16.0.1-2.41.1 xulrunner-debuginfo-16.0.1-2.41.1 xulrunner-debugsource-16.0.1-2.41.1 xulrunner-devel-16.0.1-2.41.1 xulrunner-devel-debuginfo-16.0.1-2.41.1 - openSUSE 12.1 (x86_64): mozilla-js-32bit-16.0.1-2.41.1 mozilla-js-debuginfo-32bit-16.0.1-2.41.1 xulrunner-32bit-16.0.1-2.41.1 xulrunner-debuginfo-32bit-16.0.1-2.41.1 - openSUSE 12.1 (ia64): mozilla-js-debuginfo-x86-16.0.1-2.41.1 mozilla-js-x86-16.0.1-2.41.1 xulrunner-debuginfo-x86-16.0.1-2.41.1 xulrunner-x86-16.0.1-2.41.1 - openSUSE 11.4 (i586 x86_64): MozillaFirefox-16.0.1-41.1 MozillaFirefox-branding-upstream-16.0.1-41.1 MozillaFirefox-buildsymbols-16.0.1-41.1 MozillaFirefox-debuginfo-16.0.1-41.1 MozillaFirefox-debugsource-16.0.1-41.1 MozillaFirefox-devel-16.0.1-41.1 MozillaFirefox-translations-common-16.0.1-41.1 MozillaFirefox-translations-other-16.0.1-41.1 MozillaThunderbird-16.0.1-33.1 MozillaThunderbird-buildsymbols-16.0.1-33.1 MozillaThunderbird-debuginfo-16.0.1-33.1 MozillaThunderbird-debugsource-16.0.1-33.1 MozillaThunderbird-devel-16.0.1-33.1 MozillaThunderbird-devel-debuginfo-16.0.1-33.1 MozillaThunderbird-translations-common-16.0.1-33.1 MozillaThunderbird-translations-other-16.0.1-33.1 enigmail-1.4.5.+16.0.1-33.1 enigmail-debuginfo-1.4.5.+16.0.1-33.1 mozilla-kde4-integration-0.6.4-6.1 mozilla-kde4-integration-debuginfo-0.6.4-6.1 mozilla-kde4-integration-debugsource-0.6.4-6.1 seamonkey-2.13.1-37.1 seamonkey-debuginfo-2.13.1-37.1 seamonkey-debugsource-2.13.1-37.1 seamonkey-dom-inspector-2.13.1-37.1 seamonkey-irc-2.13.1-37.1 seamonkey-translations-common-2.13.1-37.1 seamonkey-translations-other-2.13.1-37.1 seamonkey-venkman-2.13.1-37.1 References: http://support.novell.com/security/cve/CVE-2012-3982.html http://support.novell.com/security/cve/CVE-2012-3983.html http://support.novell.com/security/cve/CVE-2012-3984.html http://support.novell.com/security/cve/CVE-2012-3985.html http://support.novell.com/security/cve/CVE-2012-3986.html http://support.novell.com/security/cve/CVE-2012-3988.html http://support.novell.com/security/cve/CVE-2012-3989.html http://support.novell.com/security/cve/CVE-2012-3990.html http://support.novell.com/security/cve/CVE-2012-3991.html http://support.novell.com/security/cve/CVE-2012-3992.html http://support.novell.com/security/cve/CVE-2012-3993.html http://support.novell.com/security/cve/CVE-2012-3994.html http://support.novell.com/security/cve/CVE-2012-3995.html http://support.novell.com/security/cve/CVE-2012-4179.html http://support.novell.com/security/cve/CVE-2012-4180.html http://support.novell.com/security/cve/CVE-2012-4182.html http://support.novell.com/security/cve/CVE-2012-4183.html http://support.novell.com/security/cve/CVE-2012-4184.html http://support.novell.com/security/cve/CVE-2012-4185.html http://support.novell.com/security/cve/CVE-2012-4186.html http://support.novell.com/security/cve/CVE-2012-4187.html http://support.novell.com/security/cve/CVE-2012-4188.html http://support.novell.com/security/cve/CVE-2012-4191.html http://support.novell.com/security/cve/CVE-2012-4192.html http://support.novell.com/security/cve/CVE-2012-4193.html https://bugzilla.novell.com/783533 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org