Mailinglist Archive: opensuse-security-announce (26 mails)

< Previous Next >
[security-announce] openSUSE-SU-2012:1345-1: important: MozillaFirefox: update to Firefox 16.0.1
openSUSE Security Update: MozillaFirefox: update to Firefox 16.0.1
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:1345-1
Rating: important
References: #783533
Cross-References: CVE-2012-3982 CVE-2012-3983 CVE-2012-3984
CVE-2012-3985 CVE-2012-3986 CVE-2012-3988
CVE-2012-3989 CVE-2012-3990 CVE-2012-3991
CVE-2012-3992 CVE-2012-3993 CVE-2012-3994
CVE-2012-3995 CVE-2012-4179 CVE-2012-4180
CVE-2012-4182 CVE-2012-4183 CVE-2012-4184
CVE-2012-4185 CVE-2012-4186 CVE-2012-4187
CVE-2012-4188 CVE-2012-4191 CVE-2012-4192
CVE-2012-4193
Affected Products:
openSUSE 12.2
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes 25 vulnerabilities is now available.

Description:


The Mozilla suite received following security updates
(bnc#783533):

Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey
was updated to 2.13.1. Mozilla Thunderbird was updated to
16.0.1. Mozilla XULRunner was updated to 16.0.1.

* MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous
memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952,
bmo#720619) defaultValue security checks not applied
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous
memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element
persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued
access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some
DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash
with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with
invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty
function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and
location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101,
bmo#780370) Chrome Object Wrapper (COW) does not
disallow acces to privileged functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and
script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read
issues found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188 Heap memory corruption issues found using
Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-709

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-709

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-709

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

MozillaFirefox-16.0.1-2.17.1
MozillaFirefox-branding-upstream-16.0.1-2.17.1
MozillaFirefox-buildsymbols-16.0.1-2.17.1
MozillaFirefox-debuginfo-16.0.1-2.17.1
MozillaFirefox-debugsource-16.0.1-2.17.1
MozillaFirefox-devel-16.0.1-2.17.1
MozillaFirefox-translations-common-16.0.1-2.17.1
MozillaFirefox-translations-other-16.0.1-2.17.1
MozillaThunderbird-16.0.1-49.15.1
MozillaThunderbird-buildsymbols-16.0.1-49.15.1
MozillaThunderbird-debuginfo-16.0.1-49.15.1
MozillaThunderbird-debugsource-16.0.1-49.15.1
MozillaThunderbird-devel-16.0.1-49.15.1
MozillaThunderbird-devel-debuginfo-16.0.1-49.15.1
MozillaThunderbird-translations-common-16.0.1-49.15.1
MozillaThunderbird-translations-other-16.0.1-49.15.1
enigmail-1.4.5.+16.0.1-49.15.1
enigmail-debuginfo-1.4.5.+16.0.1-49.15.1
mozilla-js-16.0.1-2.14.1
mozilla-js-debuginfo-16.0.1-2.14.1
mozilla-kde4-integration-0.6.4-10.4.1
mozilla-kde4-integration-debuginfo-0.6.4-10.4.1
mozilla-kde4-integration-debugsource-0.6.4-10.4.1
seamonkey-2.13.1-2.18.1
seamonkey-debuginfo-2.13.1-2.18.1
seamonkey-debugsource-2.13.1-2.18.1
seamonkey-dom-inspector-2.13.1-2.18.1
seamonkey-irc-2.13.1-2.18.1
seamonkey-translations-common-2.13.1-2.18.1
seamonkey-translations-other-2.13.1-2.18.1
seamonkey-venkman-2.13.1-2.18.1
xulrunner-16.0.1-2.14.1
xulrunner-buildsymbols-16.0.1-2.14.1
xulrunner-debuginfo-16.0.1-2.14.1
xulrunner-debugsource-16.0.1-2.14.1
xulrunner-devel-16.0.1-2.14.1
xulrunner-devel-debuginfo-16.0.1-2.14.1

- openSUSE 12.2 (x86_64):

mozilla-js-32bit-16.0.1-2.14.1
mozilla-js-debuginfo-32bit-16.0.1-2.14.1
xulrunner-32bit-16.0.1-2.14.1
xulrunner-debuginfo-32bit-16.0.1-2.14.1

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-16.0.1-2.46.1
MozillaFirefox-branding-upstream-16.0.1-2.46.1
MozillaFirefox-buildsymbols-16.0.1-2.46.1
MozillaFirefox-debuginfo-16.0.1-2.46.1
MozillaFirefox-debugsource-16.0.1-2.46.1
MozillaFirefox-devel-16.0.1-2.46.1
MozillaFirefox-translations-common-16.0.1-2.46.1
MozillaFirefox-translations-other-16.0.1-2.46.1
MozillaThunderbird-16.0.1-33.35.1
MozillaThunderbird-buildsymbols-16.0.1-33.35.1
MozillaThunderbird-debuginfo-16.0.1-33.35.1
MozillaThunderbird-debugsource-16.0.1-33.35.1
MozillaThunderbird-devel-16.0.1-33.35.1
MozillaThunderbird-devel-debuginfo-16.0.1-33.35.1
MozillaThunderbird-translations-common-16.0.1-33.35.1
MozillaThunderbird-translations-other-16.0.1-33.35.1
enigmail-1.4.5.+16.0.1-33.35.1
enigmail-debuginfo-1.4.5.+16.0.1-33.35.1
mozilla-js-16.0.1-2.41.1
mozilla-js-debuginfo-16.0.1-2.41.1
mozilla-kde4-integration-0.6.4-6.4.1
mozilla-kde4-integration-debuginfo-0.6.4-6.4.1
mozilla-kde4-integration-debugsource-0.6.4-6.4.1
seamonkey-2.13.1-2.37.1
seamonkey-debuginfo-2.13.1-2.37.1
seamonkey-debugsource-2.13.1-2.37.1
seamonkey-dom-inspector-2.13.1-2.37.1
seamonkey-irc-2.13.1-2.37.1
seamonkey-translations-common-2.13.1-2.37.1
seamonkey-translations-other-2.13.1-2.37.1
seamonkey-venkman-2.13.1-2.37.1
xulrunner-16.0.1-2.41.1
xulrunner-buildsymbols-16.0.1-2.41.1
xulrunner-debuginfo-16.0.1-2.41.1
xulrunner-debugsource-16.0.1-2.41.1
xulrunner-devel-16.0.1-2.41.1
xulrunner-devel-debuginfo-16.0.1-2.41.1

- openSUSE 12.1 (x86_64):

mozilla-js-32bit-16.0.1-2.41.1
mozilla-js-debuginfo-32bit-16.0.1-2.41.1
xulrunner-32bit-16.0.1-2.41.1
xulrunner-debuginfo-32bit-16.0.1-2.41.1

- openSUSE 12.1 (ia64):

mozilla-js-debuginfo-x86-16.0.1-2.41.1
mozilla-js-x86-16.0.1-2.41.1
xulrunner-debuginfo-x86-16.0.1-2.41.1
xulrunner-x86-16.0.1-2.41.1

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-16.0.1-41.1
MozillaFirefox-branding-upstream-16.0.1-41.1
MozillaFirefox-buildsymbols-16.0.1-41.1
MozillaFirefox-debuginfo-16.0.1-41.1
MozillaFirefox-debugsource-16.0.1-41.1
MozillaFirefox-devel-16.0.1-41.1
MozillaFirefox-translations-common-16.0.1-41.1
MozillaFirefox-translations-other-16.0.1-41.1
MozillaThunderbird-16.0.1-33.1
MozillaThunderbird-buildsymbols-16.0.1-33.1
MozillaThunderbird-debuginfo-16.0.1-33.1
MozillaThunderbird-debugsource-16.0.1-33.1
MozillaThunderbird-devel-16.0.1-33.1
MozillaThunderbird-devel-debuginfo-16.0.1-33.1
MozillaThunderbird-translations-common-16.0.1-33.1
MozillaThunderbird-translations-other-16.0.1-33.1
enigmail-1.4.5.+16.0.1-33.1
enigmail-debuginfo-1.4.5.+16.0.1-33.1
mozilla-kde4-integration-0.6.4-6.1
mozilla-kde4-integration-debuginfo-0.6.4-6.1
mozilla-kde4-integration-debugsource-0.6.4-6.1
seamonkey-2.13.1-37.1
seamonkey-debuginfo-2.13.1-37.1
seamonkey-debugsource-2.13.1-37.1
seamonkey-dom-inspector-2.13.1-37.1
seamonkey-irc-2.13.1-37.1
seamonkey-translations-common-2.13.1-37.1
seamonkey-translations-other-2.13.1-37.1
seamonkey-venkman-2.13.1-37.1


References:

http://support.novell.com/security/cve/CVE-2012-3982.html
http://support.novell.com/security/cve/CVE-2012-3983.html
http://support.novell.com/security/cve/CVE-2012-3984.html
http://support.novell.com/security/cve/CVE-2012-3985.html
http://support.novell.com/security/cve/CVE-2012-3986.html
http://support.novell.com/security/cve/CVE-2012-3988.html
http://support.novell.com/security/cve/CVE-2012-3989.html
http://support.novell.com/security/cve/CVE-2012-3990.html
http://support.novell.com/security/cve/CVE-2012-3991.html
http://support.novell.com/security/cve/CVE-2012-3992.html
http://support.novell.com/security/cve/CVE-2012-3993.html
http://support.novell.com/security/cve/CVE-2012-3994.html
http://support.novell.com/security/cve/CVE-2012-3995.html
http://support.novell.com/security/cve/CVE-2012-4179.html
http://support.novell.com/security/cve/CVE-2012-4180.html
http://support.novell.com/security/cve/CVE-2012-4182.html
http://support.novell.com/security/cve/CVE-2012-4183.html
http://support.novell.com/security/cve/CVE-2012-4184.html
http://support.novell.com/security/cve/CVE-2012-4185.html
http://support.novell.com/security/cve/CVE-2012-4186.html
http://support.novell.com/security/cve/CVE-2012-4187.html
http://support.novell.com/security/cve/CVE-2012-4188.html
http://support.novell.com/security/cve/CVE-2012-4191.html
http://support.novell.com/security/cve/CVE-2012-4192.html
http://support.novell.com/security/cve/CVE-2012-4193.html
https://bugzilla.novell.com/783533

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages