openSUSE Security Update: seamonkey: Update to Seamonkey 2.11 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0935-1 Rating: important References: #771583 Cross-References: CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: Seamonkey was updated to version 2.11 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1 952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs * relicensed to MPL-2.0 - updated/removed patches - requires NSS 3.13.5 - update to Seamonkey 2.10.1 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-473 - openSUSE 11.4: zypper in -t patch openSUSE-2012-473 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): seamonkey-2.11-2.24.2 seamonkey-debuginfo-2.11-2.24.2 seamonkey-debugsource-2.11-2.24.2 seamonkey-dom-inspector-2.11-2.24.2 seamonkey-irc-2.11-2.24.2 seamonkey-translations-common-2.11-2.24.2 seamonkey-translations-other-2.11-2.24.2 seamonkey-venkman-2.11-2.24.2 - openSUSE 11.4 (i586 x86_64): seamonkey-2.11-24.3 seamonkey-debuginfo-2.11-24.3 seamonkey-debugsource-2.11-24.3 seamonkey-dom-inspector-2.11-24.3 seamonkey-irc-2.11-24.3 seamonkey-translations-common-2.11-24.3 seamonkey-translations-other-2.11-24.3 seamonkey-venkman-2.11-24.3 References: http://support.novell.com/security/cve/CVE-2012-1948.html http://support.novell.com/security/cve/CVE-2012-1949.html http://support.novell.com/security/cve/CVE-2012-1951.html http://support.novell.com/security/cve/CVE-2012-1952.html http://support.novell.com/security/cve/CVE-2012-1953.html http://support.novell.com/security/cve/CVE-2012-1954.html http://support.novell.com/security/cve/CVE-2012-1955.html http://support.novell.com/security/cve/CVE-2012-1957.html http://support.novell.com/security/cve/CVE-2012-1958.html http://support.novell.com/security/cve/CVE-2012-1959.html http://support.novell.com/security/cve/CVE-2012-1960.html http://support.novell.com/security/cve/CVE-2012-1961.html http://support.novell.com/security/cve/CVE-2012-1962.html http://support.novell.com/security/cve/CVE-2012-1963.html http://support.novell.com/security/cve/CVE-2012-1967.html https://bugzilla.novell.com/771583