[security-announce] openSUSE-SU-2013:1871-1: important: Mozilla updates 2013/12

openSUSE Security Update: Mozilla updates 2013/12 ______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1871-1 Rating: important References: #854367 #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 Affected Products: openSUSE 11.4 ______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This patch contains * mozilla-nss 3.15.3.1 which includes a certstore update (1.95) to explicitely revoke AC DG Tresor SSL intermediate CA which was misused. * Firefox 24.2esr * Thunderbird 24.2 * Seamonkey 2.23

These updates fix several security issues:

* CVE-2013-5611 Mozilla: Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Mozilla: Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Mozilla: Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Mozilla: Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Mozilla: Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Mozilla: Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 Mozilla: GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Mozilla: Linux clipboard information disclosure though selection paste (MFSA 2013-112) * CVE-2013-5618 Mozilla: Use-after-free during Table Editing (MFSA 2013-109)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-170

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-24.2.0-95.2 MozillaFirefox-branding-upstream-24.2.0-95.2 MozillaFirefox-buildsymbols-24.2.0-95.2 MozillaFirefox-debuginfo-24.2.0-95.2 MozillaFirefox-debugsource-24.2.0-95.2 MozillaFirefox-devel-24.2.0-95.2 MozillaFirefox-translations-common-24.2.0-95.2 MozillaFirefox-translations-other-24.2.0-95.2 MozillaThunderbird-24.2.0-81.2 MozillaThunderbird-buildsymbols-24.2.0-81.2 MozillaThunderbird-debuginfo-24.2.0-81.2 MozillaThunderbird-debugsource-24.2.0-81.2 MozillaThunderbird-devel-24.2.0-81.2 MozillaThunderbird-translations-common-24.2.0-81.2 MozillaThunderbird-translations-other-24.2.0-81.2 enigmail-1.6.0+24.2.0-81.2 libfreebl3-3.15.3.1-74.1 libfreebl3-debuginfo-3.15.3.1-74.1 libsoftokn3-3.15.3.1-74.1 libsoftokn3-debuginfo-3.15.3.1-74.1 mozilla-nss-3.15.3.1-74.1 mozilla-nss-certs-3.15.3.1-74.1 mozilla-nss-certs-debuginfo-3.15.3.1-74.1 mozilla-nss-debuginfo-3.15.3.1-74.1 mozilla-nss-debugsource-3.15.3.1-74.1 mozilla-nss-devel-3.15.3.1-74.1 mozilla-nss-sysinit-3.15.3.1-74.1 mozilla-nss-sysinit-debuginfo-3.15.3.1-74.1 mozilla-nss-tools-3.15.3.1-74.1 mozilla-nss-tools-debuginfo-3.15.3.1-74.1 seamonkey-2.23-85.1 seamonkey-debuginfo-2.23-85.1 seamonkey-debugsource-2.23-85.1 seamonkey-dom-inspector-2.23-85.1 seamonkey-irc-2.23-85.1 seamonkey-translations-common-2.23-85.1 seamonkey-translations-other-2.23-85.1 seamonkey-venkman-2.23-85.1

- openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.15.3.1-74.1 libfreebl3-debuginfo-32bit-3.15.3.1-74.1 libsoftokn3-32bit-3.15.3.1-74.1 libsoftokn3-debuginfo-32bit-3.15.3.1-74.1 mozilla-nss-32bit-3.15.3.1-74.1 mozilla-nss-certs-32bit-3.15.3.1-74.1 mozilla-nss-certs-debuginfo-32bit-3.15.3.1-74.1 mozilla-nss-debuginfo-32bit-3.15.3.1-74.1 mozilla-nss-sysinit-32bit-3.15.3.1-74.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.3.1-74.1

- openSUSE 11.4 (ia64):

libfreebl3-debuginfo-x86-3.15.3.1-74.1 libfreebl3-x86-3.15.3.1-74.1 libsoftokn3-debuginfo-x86-3.15.3.1-74.1 libsoftokn3-x86-3.15.3.1-74.1 mozilla-nss-certs-debuginfo-x86-3.15.3.1-74.1 mozilla-nss-certs-x86-3.15.3.1-74.1 mozilla-nss-debuginfo-x86-3.15.3.1-74.1 mozilla-nss-sysinit-debuginfo-x86-3.15.3.1-74.1 mozilla-nss-sysinit-x86-3.15.3.1-74.1 mozilla-nss-x86-3.15.3.1-74.1

References:

http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6630.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854367 https://bugzilla.novell.com/854370