openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird, mozilla-nspr, mozilla-nss, seamonkey, xulrunner ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1348-1 Rating: important References: #833389 Cross-References: CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-652 - openSUSE 12.2: zypper in -t patch openSUSE-2013-652 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): MozillaFirefox-23.0-1.29.1 MozillaFirefox-branding-upstream-23.0-1.29.1 MozillaFirefox-buildsymbols-23.0-1.29.1 MozillaFirefox-debuginfo-23.0-1.29.1 MozillaFirefox-debugsource-23.0-1.29.1 MozillaFirefox-devel-23.0-1.29.1 MozillaFirefox-translations-common-23.0-1.29.1 MozillaFirefox-translations-other-23.0-1.29.1 MozillaThunderbird-17.0.8-61.21.2 MozillaThunderbird-buildsymbols-17.0.8-61.21.2 MozillaThunderbird-debuginfo-17.0.8-61.21.2 MozillaThunderbird-debugsource-17.0.8-61.21.2 MozillaThunderbird-devel-17.0.8-61.21.2 MozillaThunderbird-devel-debuginfo-17.0.8-61.21.2 MozillaThunderbird-translations-common-17.0.8-61.21.2 MozillaThunderbird-translations-other-17.0.8-61.21.2 enigmail-1.5.2+17.0.8-61.21.2 enigmail-debuginfo-1.5.2+17.0.8-61.21.2 libfreebl3-3.15.1-1.12.1 libfreebl3-debuginfo-3.15.1-1.12.1 libsoftokn3-3.15.1-1.12.1 libsoftokn3-debuginfo-3.15.1-1.12.1 mozilla-js-17.0.8-1.24.1 mozilla-js-debuginfo-17.0.8-1.24.1 mozilla-nspr-4.10-1.14.1 mozilla-nspr-debuginfo-4.10-1.14.1 mozilla-nspr-debugsource-4.10-1.14.1 mozilla-nspr-devel-4.10-1.14.1 mozilla-nss-3.15.1-1.12.1 mozilla-nss-certs-3.15.1-1.12.1 mozilla-nss-certs-debuginfo-3.15.1-1.12.1 mozilla-nss-debuginfo-3.15.1-1.12.1 mozilla-nss-debugsource-3.15.1-1.12.1 mozilla-nss-devel-3.15.1-1.12.1 mozilla-nss-sysinit-3.15.1-1.12.1 mozilla-nss-sysinit-debuginfo-3.15.1-1.12.1 mozilla-nss-tools-3.15.1-1.12.1 mozilla-nss-tools-debuginfo-3.15.1-1.12.1 seamonkey-2.20-1.16.1 seamonkey-debuginfo-2.20-1.16.1 seamonkey-debugsource-2.20-1.16.1 seamonkey-dom-inspector-2.20-1.16.1 seamonkey-irc-2.20-1.16.1 seamonkey-translations-common-2.20-1.16.1 seamonkey-translations-other-2.20-1.16.1 seamonkey-venkman-2.20-1.16.1 xulrunner-17.0.8-1.24.1 xulrunner-buildsymbols-17.0.8-1.24.1 xulrunner-debuginfo-17.0.8-1.24.1 xulrunner-debugsource-17.0.8-1.24.1 xulrunner-devel-17.0.8-1.24.1 xulrunner-devel-debuginfo-17.0.8-1.24.1 - openSUSE 12.3 (x86_64): libfreebl3-32bit-3.15.1-1.12.1 libfreebl3-debuginfo-32bit-3.15.1-1.12.1 libsoftokn3-32bit-3.15.1-1.12.1 libsoftokn3-debuginfo-32bit-3.15.1-1.12.1 mozilla-js-32bit-17.0.8-1.24.1 mozilla-js-debuginfo-32bit-17.0.8-1.24.1 mozilla-nspr-32bit-4.10-1.14.1 mozilla-nspr-debuginfo-32bit-4.10-1.14.1 mozilla-nss-32bit-3.15.1-1.12.1 mozilla-nss-certs-32bit-3.15.1-1.12.1 mozilla-nss-certs-debuginfo-32bit-3.15.1-1.12.1 mozilla-nss-debuginfo-32bit-3.15.1-1.12.1 mozilla-nss-sysinit-32bit-3.15.1-1.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.1-1.12.1 xulrunner-32bit-17.0.8-1.24.1 xulrunner-debuginfo-32bit-17.0.8-1.24.1 - openSUSE 12.2 (i586 x86_64): MozillaFirefox-23.0-2.55.1 MozillaFirefox-branding-upstream-23.0-2.55.1 MozillaFirefox-buildsymbols-23.0-2.55.1 MozillaFirefox-debuginfo-23.0-2.55.1 MozillaFirefox-debugsource-23.0-2.55.1 MozillaFirefox-devel-23.0-2.55.1 MozillaFirefox-translations-common-23.0-2.55.1 MozillaFirefox-translations-other-23.0-2.55.1 MozillaThunderbird-17.0.8-49.51.2 MozillaThunderbird-buildsymbols-17.0.8-49.51.2 MozillaThunderbird-debuginfo-17.0.8-49.51.2 MozillaThunderbird-debugsource-17.0.8-49.51.2 MozillaThunderbird-devel-17.0.8-49.51.2 MozillaThunderbird-devel-debuginfo-17.0.8-49.51.2 MozillaThunderbird-translations-common-17.0.8-49.51.2 MozillaThunderbird-translations-other-17.0.8-49.51.2 enigmail-1.5.2+17.0.8-49.51.2 enigmail-debuginfo-1.5.2+17.0.8-49.51.2 libfreebl3-3.15.1-2.23.1 libfreebl3-debuginfo-3.15.1-2.23.1 libsoftokn3-3.15.1-2.23.1 libsoftokn3-debuginfo-3.15.1-2.23.1 mozilla-js-17.0.8-2.50.1 mozilla-js-debuginfo-17.0.8-2.50.1 mozilla-nspr-4.10-1.16.1 mozilla-nspr-debuginfo-4.10-1.16.1 mozilla-nspr-debugsource-4.10-1.16.1 mozilla-nspr-devel-4.10-1.16.1 mozilla-nss-3.15.1-2.23.1 mozilla-nss-certs-3.15.1-2.23.1 mozilla-nss-certs-debuginfo-3.15.1-2.23.1 mozilla-nss-debuginfo-3.15.1-2.23.1 mozilla-nss-debugsource-3.15.1-2.23.1 mozilla-nss-devel-3.15.1-2.23.1 mozilla-nss-sysinit-3.15.1-2.23.1 mozilla-nss-sysinit-debuginfo-3.15.1-2.23.1 mozilla-nss-tools-3.15.1-2.23.1 mozilla-nss-tools-debuginfo-3.15.1-2.23.1 seamonkey-2.20-2.46.1 seamonkey-debuginfo-2.20-2.46.1 seamonkey-debugsource-2.20-2.46.1 seamonkey-dom-inspector-2.20-2.46.1 seamonkey-irc-2.20-2.46.1 seamonkey-translations-common-2.20-2.46.1 seamonkey-translations-other-2.20-2.46.1 seamonkey-venkman-2.20-2.46.1 xulrunner-17.0.8-2.50.1 xulrunner-buildsymbols-17.0.8-2.50.1 xulrunner-debuginfo-17.0.8-2.50.1 xulrunner-debugsource-17.0.8-2.50.1 xulrunner-devel-17.0.8-2.50.1 xulrunner-devel-debuginfo-17.0.8-2.50.1 - openSUSE 12.2 (x86_64): libfreebl3-32bit-3.15.1-2.23.1 libfreebl3-debuginfo-32bit-3.15.1-2.23.1 libsoftokn3-32bit-3.15.1-2.23.1 libsoftokn3-debuginfo-32bit-3.15.1-2.23.1 mozilla-js-32bit-17.0.8-2.50.1 mozilla-js-debuginfo-32bit-17.0.8-2.50.1 mozilla-nspr-32bit-4.10-1.16.1 mozilla-nspr-debuginfo-32bit-4.10-1.16.1 mozilla-nss-32bit-3.15.1-2.23.1 mozilla-nss-certs-32bit-3.15.1-2.23.1 mozilla-nss-certs-debuginfo-32bit-3.15.1-2.23.1 mozilla-nss-debuginfo-32bit-3.15.1-2.23.1 mozilla-nss-sysinit-32bit-3.15.1-2.23.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.1-2.23.1 xulrunner-32bit-17.0.8-2.50.1 xulrunner-debuginfo-32bit-17.0.8-2.50.1 References: http://support.novell.com/security/cve/CVE-2013-1701.html http://support.novell.com/security/cve/CVE-2013-1702.html http://support.novell.com/security/cve/CVE-2013-1704.html http://support.novell.com/security/cve/CVE-2013-1705.html http://support.novell.com/security/cve/CVE-2013-1708.html http://support.novell.com/security/cve/CVE-2013-1709.html http://support.novell.com/security/cve/CVE-2013-1710.html http://support.novell.com/security/cve/CVE-2013-1711.html http://support.novell.com/security/cve/CVE-2013-1713.html http://support.novell.com/security/cve/CVE-2013-1714.html http://support.novell.com/security/cve/CVE-2013-1717.html https://bugzilla.novell.com/833389