openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0417-1 Rating: moderate References: #745303 #746591 #747320 #749440 #750044 #750673 Cross-References: CVE-2011-3658 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: Changes in MozillaThunderbird: - update to Thunderbird 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in mozilla-xulrunner192: - security update to 1.9.2.28 (bnc#750044) * MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in MozillaFirefox: - update to Firefox 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in seamonkey: - update to Seamonkey 2.8 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in chmsee: - Update to version 1.99.08 Changes in mozilla-nss: - update to 3.13.3 RTM - distrust Trustwave's MITM certificates (bmo#724929) - fix generic blacklisting mechanism (bmo#727204) Changes in mozilla-nspr: - update to version 4.9 RTM Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-175 - openSUSE 11.4: zypper in -t patch openSUSE-2012-175 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): MozillaFirefox-11.0-2.23.1 MozillaFirefox-branding-upstream-11.0-2.23.1 MozillaFirefox-buildsymbols-11.0-2.23.1 MozillaFirefox-debuginfo-11.0-2.23.1 MozillaFirefox-debugsource-11.0-2.23.1 MozillaFirefox-devel-11.0-2.23.1 MozillaFirefox-translations-common-11.0-2.23.1 MozillaFirefox-translations-other-11.0-2.23.1 MozillaThunderbird-11.0-33.14.1 MozillaThunderbird-buildsymbols-11.0-33.14.1 MozillaThunderbird-debuginfo-11.0-33.14.1 MozillaThunderbird-debugsource-11.0-33.14.1 MozillaThunderbird-devel-11.0-33.14.1 MozillaThunderbird-translations-common-11.0-33.14.1 MozillaThunderbird-translations-other-11.0-33.14.1 chmsee-1.99.08-2.15.2 chmsee-debuginfo-1.99.08-2.15.2 chmsee-debugsource-1.99.08-2.15.2 enigmail-1.4.0+11.0-33.14.1 enigmail-debuginfo-1.4.0+11.0-33.14.1 libfreebl3-3.13.3-9.13.1 libfreebl3-debuginfo-3.13.3-9.13.1 libsoftokn3-3.13.3-9.13.1 libsoftokn3-debuginfo-3.13.3-9.13.1 mozilla-js-11.0-2.23.1 mozilla-js-debuginfo-11.0-2.23.1 mozilla-js192-1.9.2.28-2.12.2 mozilla-js192-debuginfo-1.9.2.28-2.12.2 mozilla-nspr-4.9.0-3.3.1 mozilla-nspr-debuginfo-4.9.0-3.3.1 mozilla-nspr-debugsource-4.9.0-3.3.1 mozilla-nspr-devel-4.9.0-3.3.1 mozilla-nss-3.13.3-9.13.1 mozilla-nss-certs-3.13.3-9.13.1 mozilla-nss-certs-debuginfo-3.13.3-9.13.1 mozilla-nss-debuginfo-3.13.3-9.13.1 mozilla-nss-debugsource-3.13.3-9.13.1 mozilla-nss-devel-3.13.3-9.13.1 mozilla-nss-sysinit-3.13.3-9.13.1 mozilla-nss-sysinit-debuginfo-3.13.3-9.13.1 mozilla-nss-tools-3.13.3-9.13.1 mozilla-nss-tools-debuginfo-3.13.3-9.13.1 mozilla-xulrunner192-1.9.2.28-2.12.2 mozilla-xulrunner192-buildsymbols-1.9.2.28-2.12.2 mozilla-xulrunner192-debuginfo-1.9.2.28-2.12.2 mozilla-xulrunner192-debugsource-1.9.2.28-2.12.2 mozilla-xulrunner192-devel-1.9.2.28-2.12.2 mozilla-xulrunner192-devel-debuginfo-1.9.2.28-2.12.2 mozilla-xulrunner192-gnome-1.9.2.28-2.12.2 mozilla-xulrunner192-gnome-debuginfo-1.9.2.28-2.12.2 mozilla-xulrunner192-translations-common-1.9.2.28-2.12.2 mozilla-xulrunner192-translations-other-1.9.2.28-2.12.2 seamonkey-2.8-2.15.1 seamonkey-debuginfo-2.8-2.15.1 seamonkey-debugsource-2.8-2.15.1 seamonkey-dom-inspector-2.8-2.15.1 seamonkey-irc-2.8-2.15.1 seamonkey-translations-common-2.8-2.15.1 seamonkey-translations-other-2.8-2.15.1 seamonkey-venkman-2.8-2.15.1 xulrunner-11.0-2.23.1 xulrunner-buildsymbols-11.0-2.23.1 xulrunner-debuginfo-11.0-2.23.1 xulrunner-debugsource-11.0-2.23.1 xulrunner-devel-11.0-2.23.1 xulrunner-devel-debuginfo-11.0-2.23.1 - openSUSE 12.1 (x86_64): libfreebl3-32bit-3.13.3-9.13.1 libfreebl3-debuginfo-32bit-3.13.3-9.13.1 libsoftokn3-32bit-3.13.3-9.13.1 libsoftokn3-debuginfo-32bit-3.13.3-9.13.1 mozilla-js-32bit-11.0-2.23.1 mozilla-js-debuginfo-32bit-11.0-2.23.1 mozilla-js192-32bit-1.9.2.28-2.12.2 mozilla-js192-debuginfo-32bit-1.9.2.28-2.12.2 mozilla-nspr-32bit-4.9.0-3.3.1 mozilla-nspr-debuginfo-32bit-4.9.0-3.3.1 mozilla-nss-32bit-3.13.3-9.13.1 mozilla-nss-certs-32bit-3.13.3-9.13.1 mozilla-nss-certs-debuginfo-32bit-3.13.3-9.13.1 mozilla-nss-debuginfo-32bit-3.13.3-9.13.1 mozilla-nss-sysinit-32bit-3.13.3-9.13.1 mozilla-nss-sysinit-debuginfo-32bit-3.13.3-9.13.1 mozilla-xulrunner192-32bit-1.9.2.28-2.12.2 mozilla-xulrunner192-debuginfo-32bit-1.9.2.28-2.12.2 mozilla-xulrunner192-gnome-32bit-1.9.2.28-2.12.2 mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.28-2.12.2 mozilla-xulrunner192-translations-common-32bit-1.9.2.28-2.12.2 mozilla-xulrunner192-translations-other-32bit-1.9.2.28-2.12.2 xulrunner-32bit-11.0-2.23.1 xulrunner-debuginfo-32bit-11.0-2.23.1 - openSUSE 11.4 (i586 x86_64): MozillaFirefox-11.0-0.15.2 MozillaFirefox-branding-upstream-11.0-0.15.2 MozillaFirefox-buildsymbols-11.0-0.15.2 MozillaFirefox-debuginfo-11.0-0.15.2 MozillaFirefox-debugsource-11.0-0.15.2 MozillaFirefox-devel-11.0-0.15.2 MozillaFirefox-translations-common-11.0-0.15.2 MozillaFirefox-translations-other-11.0-0.15.2 MozillaThunderbird-3.1.20-0.15.4 MozillaThunderbird-buildsymbols-3.1.20-0.15.4 MozillaThunderbird-debuginfo-3.1.20-0.15.4 MozillaThunderbird-debugsource-3.1.20-0.15.4 MozillaThunderbird-devel-3.1.20-0.15.4 MozillaThunderbird-devel-debuginfo-3.1.20-0.15.4 MozillaThunderbird-translations-common-3.1.20-0.15.4 MozillaThunderbird-translations-other-3.1.20-0.15.4 enigmail-1.1.2+3.1.20-0.15.4 enigmail-debuginfo-1.1.2+3.1.20-0.15.4 libfreebl3-3.13.3-0.41.2 libfreebl3-debuginfo-3.13.3-0.41.2 libsoftokn3-3.13.3-0.41.2 libsoftokn3-debuginfo-3.13.3-0.41.2 mozilla-js192-1.9.2.28-0.22.2 mozilla-js192-debuginfo-1.9.2.28-0.22.2 mozilla-nspr-4.9.0-0.13.1 mozilla-nspr-debuginfo-4.9.0-0.13.1 mozilla-nspr-debugsource-4.9.0-0.13.1 mozilla-nspr-devel-4.9.0-0.13.1 mozilla-nss-3.13.3-0.41.2 mozilla-nss-certs-3.13.3-0.41.2 mozilla-nss-certs-debuginfo-3.13.3-0.41.2 mozilla-nss-debuginfo-3.13.3-0.41.2 mozilla-nss-debugsource-3.13.3-0.41.2 mozilla-nss-devel-3.13.3-0.41.2 mozilla-nss-sysinit-3.13.3-0.41.2 mozilla-nss-sysinit-debuginfo-3.13.3-0.41.2 mozilla-nss-tools-3.13.3-0.41.2 mozilla-nss-tools-debuginfo-3.13.3-0.41.2 mozilla-xulrunner192-1.9.2.28-0.22.2 mozilla-xulrunner192-buildsymbols-1.9.2.28-0.22.2 mozilla-xulrunner192-debuginfo-1.9.2.28-0.22.2 mozilla-xulrunner192-debugsource-1.9.2.28-0.22.2 mozilla-xulrunner192-devel-1.9.2.28-0.22.2 mozilla-xulrunner192-devel-debuginfo-1.9.2.28-0.22.2 mozilla-xulrunner192-gnome-1.9.2.28-0.22.2 mozilla-xulrunner192-gnome-debuginfo-1.9.2.28-0.22.2 mozilla-xulrunner192-translations-common-1.9.2.28-0.22.2 mozilla-xulrunner192-translations-other-1.9.2.28-0.22.2 seamonkey-2.8-0.15.1 seamonkey-debuginfo-2.8-0.15.1 seamonkey-debugsource-2.8-0.15.1 seamonkey-dom-inspector-2.8-0.15.1 seamonkey-irc-2.8-0.15.1 seamonkey-translations-common-2.8-0.15.1 seamonkey-translations-other-2.8-0.15.1 seamonkey-venkman-2.8-0.15.1 - openSUSE 11.4 (x86_64): libfreebl3-32bit-3.13.3-0.41.2 libfreebl3-debuginfo-32bit-3.13.3-0.41.2 libsoftokn3-32bit-3.13.3-0.41.2 libsoftokn3-debuginfo-32bit-3.13.3-0.41.2 mozilla-js192-32bit-1.9.2.28-0.22.2 mozilla-js192-debuginfo-32bit-1.9.2.28-0.22.2 mozilla-nspr-32bit-4.9.0-0.13.1 mozilla-nspr-debuginfo-32bit-4.9.0-0.13.1 mozilla-nss-32bit-3.13.3-0.41.2 mozilla-nss-certs-32bit-3.13.3-0.41.2 mozilla-nss-certs-debuginfo-32bit-3.13.3-0.41.2 mozilla-nss-debuginfo-32bit-3.13.3-0.41.2 mozilla-nss-sysinit-32bit-3.13.3-0.41.2 mozilla-nss-sysinit-debuginfo-32bit-3.13.3-0.41.2 mozilla-xulrunner192-32bit-1.9.2.28-0.22.2 mozilla-xulrunner192-debuginfo-32bit-1.9.2.28-0.22.2 mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.22.2 mozilla-xulrunner192-gnome-debuginfo-32bit-1.9.2.28-0.22.2 mozilla-xulrunner192-translations-common-32bit-1.9.2.28-0.22.2 mozilla-xulrunner192-translations-other-32bit-1.9.2.28-0.22.2 References: http://support.novell.com/security/cve/CVE-2011-3658.html http://support.novell.com/security/cve/CVE-2012-0451.html http://support.novell.com/security/cve/CVE-2012-0455.html http://support.novell.com/security/cve/CVE-2012-0456.html http://support.novell.com/security/cve/CVE-2012-0457.html http://support.novell.com/security/cve/CVE-2012-0458.html http://support.novell.com/security/cve/CVE-2012-0459.html http://support.novell.com/security/cve/CVE-2012-0460.html http://support.novell.com/security/cve/CVE-2012-0461.html http://support.novell.com/security/cve/CVE-2012-0462.html http://support.novell.com/security/cve/CVE-2012-0463.html http://support.novell.com/security/cve/CVE-2012-0464.html https://bugzilla.novell.com/745303 https://bugzilla.novell.com/746591 https://bugzilla.novell.com/747320 https://bugzilla.novell.com/749440 https://bugzilla.novell.com/750044 https://bugzilla.novell.com/750673