Mailinglist Archive: opensuse-updates (130 mails)

< Previous Next >
openSUSE-SU-2013:1918-1: moderate: update for MozillaFirefox
openSUSE Security Update: update for MozillaFirefox

Announcement ID: openSUSE-SU-2013:1918-1
Rating: moderate
References: #854367 #854370
Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611
CVE-2013-5612 CVE-2013-5613 CVE-2013-5614
CVE-2013-5615 CVE-2013-5616 CVE-2013-5618
CVE-2013-5619 CVE-2013-6629 CVE-2013-6630
CVE-2013-6671 CVE-2013-6672 CVE-2013-6673

Affected Products:
openSUSE 13.1

An update that fixes 15 vulnerabilities is now available.


- update to Firefox 26.0 (bnc#854367, bnc#854370)
* rebased patches
* requires NSPR 4.10.2 and NSS
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous
memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application
Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character
encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox
restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free
in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free
during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential
overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation
violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux
clipboard information disclosure though selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings
for built-in roots ignored during EV certificate
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC
typed array stubs can be generated outside observed
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI
certificate (fixed via NSS
- removed gecko.js preference file as GStreamer is enabled
by default now

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2013-995

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (i586 x86_64):



< Previous Next >
This Thread
  • No further messages