openSUSE Security Update: MozillaFirefox: Update to Firefox 3.6.23
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1079-1
Rating:             important
References:         #720264 
Cross-References:   CVE-2011-2372 CVE-2011-2995 CVE-2011-2996
                    CVE-2011-2999 CVE-2011-3000
Affected Products:
                    openSUSE 11.3
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available. It
   includes two new package versions.

Description:

   Mozilla Firefox was updated to version 3.6.23, fixing
   various bugs and security issues.

   MFSA 2011-36: Mozilla developers identified and fixed
   several memory safety bugs in the browser engine used in
   Firefox and other Mozilla-based products. Some of these
   bugs showed evidence of memory corruption under certain
   circumstances, and we presume that with enough effort at
   least some of these could be exploited to run arbitrary
   code.

   In general these flaws cannot be exploited through email in
   the Thunderbird and SeaMonkey products because scripting is
   disabled,, but are potentially a risk in browser or
   browser-like contexts in those products.

   Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported
   memory safety problems that affected Firefox 3.6 and
   Firefox 6. (CVE-2011-2995)

   Josh Aas reported a potential crash in the plugin API that
   affected Firefox 3.6 only. (CVE-2011-2996)

   MFSA 2011-37: Mark Kaplan reported a potentially
   exploitable crash due to integer underflow when using a
   large JavaScript RegExp expression. We would also like to
   thank Mark for contributing the fix for this problem. (no
   CVE yet)

   MFSA 2011-38: Mozilla developer Boris Zbarsky reported that
   a frame named "location" could shadow the window.location
   object unless a script in a page grabbed a reference to the
   true object before the frame was created. Because some
   plugins use the value of window.location to determine the
   page origin this could fool the plugin into granting the
   plugin content access to another site or the local file
   system in violation of the Same Origin Policy. This flaw
   allows circumvention of the fix added for MFSA 2010-10.
   (CVE-2011-2999)

   MFSA 2011-39: Ian Graham of Citrix Online reported that
   when multiple Location headers were present in a redirect
   response Mozilla behavior differed from other browsers:
   Mozilla would use the second Location header while Chrome
   and Internet Explorer would use the first. Two copies of
   this header with different values could be a symptom of a
   CRLF injection attack against a vulnerable server. Most
   commonly it is the Location header itself that is
   vulnerable to the response splitting and therefore the copy
   preferred by Mozilla is more likely to be the malicious
   one. It is possible, however, that the first copy was the
   injected one depending on the nature of the server
   vulnerability.

   The Mozilla browser engine has been changed to treat two
   copies of this header with different values as an error
   condition. The same has been done with the headers   Content-Length and Content-Disposition. (CVE-2011-3000)

   MFSA 2011-40: Mariusz Mlynski reported that if you could
   convince a user to hold down the Enter key--as part of a
   game or test, perhaps--a malicious page could pop up a
   download dialog where the held key would then activate the
   default Open action. For some file types this would be
   merely annoying (the equivalent of a pop-up) but other file
   types have powerful scripting capabilities. And this would
   provide an avenue for an attacker to exploit a
   vulnerability in applications not normally exposed to
   potentially hostile internet content.

   Holding enter allows arbitrary code execution due to
   Download Manager (CVE-2011-2372)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.3:

      zypper in -t patch MozillaFirefox-5203

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.3 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]:

      MozillaFirefox-3.6.23-0.2.1
      MozillaFirefox-branding-upstream-3.6.23-0.2.1
      MozillaFirefox-translations-common-3.6.23-0.2.1
      MozillaFirefox-translations-other-3.6.23-0.2.1
      mozilla-js192-1.9.2.23-1.2.1
      mozilla-xulrunner192-1.9.2.23-1.2.1
      mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1
      mozilla-xulrunner192-devel-1.9.2.23-1.2.1
      mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
      mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1
      mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1

   - openSUSE 11.3 (x86_64) [New Version: 1.9.2.23]:

      mozilla-js192-32bit-1.9.2.23-1.2.1
      mozilla-xulrunner192-32bit-1.9.2.23-1.2.1
      mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1
      mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1
      mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1


References:

   https://www.suse.com/security/cve/CVE-2011-2372.html
   https://www.suse.com/security/cve/CVE-2011-2995.html
   https://www.suse.com/security/cve/CVE-2011-2996.html
   https://www.suse.com/security/cve/CVE-2011-2999.html
   https://www.suse.com/security/cve/CVE-2011-3000.html
   https://bugzilla.novell.com/720264

openSUSE: 2011:1079-1: important: MozillaFirefox

September 29, 2011
An update that fixes 5 vulnerabilities is now available

Description

Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled,, but are potentially a risk in browser or browser-like contexts in those products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only. (CVE-2011-2996) MFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. (no CVE yet) MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Holding enter allows arbitrary code execution due to Download Manager (CVE-2011-2372)

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch MozillaFirefox-5203 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 11.3 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]: MozillaFirefox-3.6.23-0.2.1 MozillaFirefox-branding-upstream-3.6.23-0.2.1 MozillaFirefox-translations-common-3.6.23-0.2.1 MozillaFirefox-translations-other-3.6.23-0.2.1 mozilla-js192-1.9.2.23-1.2.1 mozilla-xulrunner192-1.9.2.23-1.2.1 mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1 mozilla-xulrunner192-devel-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1 - openSUSE 11.3 (x86_64) [New Version: 1.9.2.23]: mozilla-js192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1


References

https://www.suse.com/security/cve/CVE-2011-2372.html https://www.suse.com/security/cve/CVE-2011-2995.html https://www.suse.com/security/cve/CVE-2011-2996.html https://www.suse.com/security/cve/CVE-2011-2999.html https://www.suse.com/security/cve/CVE-2011-3000.html https://bugzilla.novell.com/720264


Severity
Announcement ID: openSUSE-SU-2011:1079-1
Rating: important
Affected Products: openSUSE 11.3 . It includes two new package versions.

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved