Mailinglist Archive: opensuse-updates (57 mails)

< Previous Next >
openSUSE-SU-2010:0358-2 (important): MozillaFirefox: Security update to version 3.5.10
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Thu, 8 Jul 2010 11:08:11 +0200 (CEST)
  • Message-id: <20100708090811.4C9AEBE26@xxxxxxxxxxxxxx>
openSUSE Security Update: MozillaFirefox: Security update to version 3.5.10
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0358-2
Rating: important
References: #603356
Affected Products:
openSUSE 11.2
openSUSE 11.1
openSUSE 11.0
______________________________________________________________________________

An update that contains security fixes can now be
installed. It includes two new package versions.

Description:

Mozilla Firefox was updated to version 3.5.10, fixing
various bugs and security issues.

MFSA 2010-33 / CVE-2008-5913: Security researcher Amit
Klein reported that it was possible to reverse engineer the
value used to seed Math.random(). Since the pseudo-random
number generator was only seeded once per browsing session,
this seed value could be used as a unique token to identify
and track users across different web sites.

MFSA 2010-32 / CVE-2010-1197: Security researcher Ilja van
Sprundel of IOActive reported that the Content-Disposition:
attachment HTTP header was ignored when Content-Type:
multipart was also present. This issue could potentially
lead to XSS problems in sites that allow users to upload
arbitrary files and specify a Content-Type but rely on
Content-Disposition: attachment to prevent the content from
being displayed inline.

MFSA 2010-31 / CVE-2010-1125: Google security researcher
Michal Zalewski reported that focus() could be used to
change a user's cursor focus while they are typing,
potentially directing their keyboard input to an unintended
location. This behaviour was also present across origins
when content from one domain was embedded within another
via an iframe. A malicious web page could use this
behaviour to steal keystrokes from a victim while they were
typing sensitive information such as a password.

MFSA 2010-30 / CVE-2010-1199: Security researcher Martin
Barbella reported via TippingPoint's Zero Day Initiative
that an XSLT node sorting routine contained an integer
overflow vulnerability. In cases where one of the nodes to
be sorted contained a very large text value, the integer
used to allocate a memory buffer to store its value would
overflow, resulting in too small a buffer being created. An
attacker could use this vulnerability to write data past
the end of the buffer, causing the browser to crash and
potentially running arbitrary code on a victim's computer.

MFSA 2010-29 / CVE-2010-1196: Security researcher Nils of
MWR InfoSecurity reported that the routine for setting the
text value for certain types of DOM nodes contained an
integer overflow vulnerability. When a very long string was
passed to this routine, the integer value used in creating
a new memory buffer to hold the string would overflow,
resulting in too small a buffer being allocated. An
attacker could use this vulnerability to write data past
the end of the buffer, causing a crash and potentially
running arbitrary code on a victim's computer.

MFSA 2010-28 / CVE-2010-1198: Microsoft Vulnerability
Research reported that two plugin instances could interact
in a way in which one plugin gets a reference to an object
owned by a second plugin and continues to hold that
reference after the second plugin is unloaded and its
object is destroyed. In these cases, the first plugin would
contain a pointer to freed memory which, if accessed, could
be used by an attacker to execute arbitrary code on a
victim's computer.

MFSA 2010-27 / CVE-2010-0183: Security researcher wushi of
team509 reported that the frame construction process for
certain types of menus could result in a menu containing a
pointer to a previously freed menu item. During the cycle
collection process, this freed item could be accessed,
resulting in the execution of a section of code potentially
controlled by an attacker.

MFSA 2010-26 / CVE-2010-1200 / CVE-2010-1201 /
CVE-2010-1202 / CVE-2010-1203: Mozilla developers
identified and fixed several stability bugs in the browser
engine used in Firefox and other Mozilla-based products.
Some of these crashes showed evidence of memory corruption
under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to
run arbitrary code.

MFSA 2010-25 / CVE-2010-1121: A memory corruption flaw
leading to code execution was reported by security
researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own
contest sponsored by TippingPoint's Zero Day Initiative. By
moving DOM nodes between documents Nils found a case where
the moved node incorrectly retained its old scope. If
garbage collection could be triggered at the right time
then Firefox would later use this freed object. The contest
winning exploit only affects Firefox 3.6 and not earlier
versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey
2.0, and Thunderbird 3.0 based on earlier versions of the
browser engine were patched just in case there is an
alternate way of triggering the underlying flaw.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.2:

zypper in -t patch MozillaFirefox-2595

- openSUSE 11.1:

zypper in -t patch MozillaFirefox-2595

- openSUSE 11.0:

zypper in -t patch MozillaFirefox-2595

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.2 (i586 src x86_64) [New Version: 1.9.1.10 and 3.5.10]:

MozillaFirefox-3.5.10-0.1.1
mozilla-xulrunner191-1.9.1.10-0.1.1

- openSUSE 11.2 (i586 x86_64) [New Version: 1.9.1.10 and 3.5.10]:

MozillaFirefox-branding-upstream-3.5.10-0.1.1
MozillaFirefox-translations-common-3.5.10-0.1.1
MozillaFirefox-translations-other-3.5.10-0.1.1
mozilla-xulrunner191-devel-1.9.1.10-0.1.1
mozilla-xulrunner191-gnomevfs-1.9.1.10-0.1.1
mozilla-xulrunner191-translations-common-1.9.1.10-0.1.1
mozilla-xulrunner191-translations-other-1.9.1.10-0.1.1
python-xpcom191-1.9.1.10-0.1.1

- openSUSE 11.2 (x86_64) [New Version: 1.9.1.10]:

mozilla-xulrunner191-32bit-1.9.1.10-0.1.1
mozilla-xulrunner191-gnomevfs-32bit-1.9.1.10-0.1.1

- openSUSE 11.1 (i586 ppc src x86_64) [New Version: 1.9.1.10 and 3.5.10]:

MozillaFirefox-3.5.10-0.1.2
mozilla-xulrunner191-1.9.1.10-0.1.2

- openSUSE 11.1 (i586 ppc x86_64) [New Version: 1.9.1.10 and 3.5.10]:

MozillaFirefox-branding-upstream-3.5.10-0.1.2
MozillaFirefox-translations-common-3.5.10-0.1.2
MozillaFirefox-translations-other-3.5.10-0.1.2
mozilla-xulrunner191-devel-1.9.1.10-0.1.2
mozilla-xulrunner191-gnomevfs-1.9.1.10-0.1.2
mozilla-xulrunner191-translations-common-1.9.1.10-0.1.2
mozilla-xulrunner191-translations-other-1.9.1.10-0.1.2
python-xpcom191-1.9.1.10-0.1.2

- openSUSE 11.1 (x86_64) [New Version: 1.9.1.10]:

mozilla-xulrunner191-32bit-1.9.1.10-0.1.2
mozilla-xulrunner191-gnomevfs-32bit-1.9.1.10-0.1.2

- openSUSE 11.0 (i586 ppc src x86_64) [New Version: 1.9.1.10 and 3.5.10]:

MozillaFirefox-3.5.10-0.1
mozilla-xulrunner191-1.9.1.10-0.1

- openSUSE 11.0 (i586 ppc x86_64) [New Version: 1.9.1.10 and 3.5.10]:

MozillaFirefox-branding-upstream-3.5.10-0.1
MozillaFirefox-translations-common-3.5.10-0.1
MozillaFirefox-translations-other-3.5.10-0.1
mozilla-xulrunner191-devel-1.9.1.10-0.1
mozilla-xulrunner191-gnomevfs-1.9.1.10-0.1
mozilla-xulrunner191-translations-common-1.9.1.10-0.1
mozilla-xulrunner191-translations-other-1.9.1.10-0.1
python-xpcom191-1.9.1.10-0.1

- openSUSE 11.0 (x86_64) [New Version: 1.9.1.10]:

mozilla-xulrunner191-32bit-1.9.1.10-0.1
mozilla-xulrunner191-gnomevfs-32bit-1.9.1.10-0.1

- openSUSE 11.0 (ppc) [New Version: 1.9.1.10]:

mozilla-xulrunner191-64bit-1.9.1.10-0.1
mozilla-xulrunner191-gnomevfs-64bit-1.9.1.10-0.1


References:

https://bugzilla.novell.com/603356


< Previous Next >
This Thread
  • No further messages