Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

openSUSE 11.3: 2011:1242-1 Critical: MozillaFirefox XSS and Memory Issue

opensuse
Calendar Grey November 15, 2011
Dist Opensuse Esm H88
Essential patch released for GoogleChrome resolving major vulnerabilities. Update immediately to secure your device.
An update that fixes three vulnerabilities is now An update that fixes three vulnerabilities is now An update that fixes three vulnerabilities is now available

Description

MozillaFirefox has been updated to version 3.6.24 to fix

the following security issues:

* MFSA 2011-46/CVE-2011-3647 (bmo#680880) loadSubScript

unwraps XPCNativeWrapper scope parameter

* MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS

against sites using Shift-JIS

* MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption

while profiling using Firebug

Topics%20covered

Topics Covered

security advisory critical XSS memory corruption openSUSE MozillaFirefox loadSubScript

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch MozillaFirefox-5408

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 11.3 (i586 x86_64) [New Version: 1.9.2.24,3.1.16 and 3.6.24]:

MozillaFirefox-3.6.24-0.2.1

MozillaFirefox-branding-openSUSE-3.5-17.3.1

MozillaFirefox-branding-upstream-3.6.24-0.2.1

MozillaFirefox-translations-common-3.6.24-0.2.1

MozillaFirefox-translations-other-3.6.24-0.2.1

MozillaThunderbird-3.1.16-0.23.1

MozillaThunderbird-devel-3.1.16-0.23.1

MozillaThunderbird-translations-common-3.1.16-0.23.1

MozillaThunderbird-translations-other-3.1.16-0.23.1

enigmail-1.1.2+3.1.16-0.23.1

mozilla-js192-1.9.2.24-0.2.1

mozilla-xulrunner192-1.9.2.24-0.2.1

mozilla-xulrunner192-buildsymbols-1.9.2.24-0.2.1

mozilla-xulrunner192-devel-1.9.2.24-0.2.1

mozilla-xulrunner192-gnome-1.9.2.24-0.2.1

mozilla-xulrunner192-translations-common-1.9.2.24-0.2.1

mozilla-xulrunner192-translations-other-1.9.2.24-0.2.1

- openSUSE 11.3 (x86_64) [New Version: 1.9.2.24]:

mozilla-js192-32bit-1.9.2.24-0.2.1

mozilla-xulrunner192-32bit-1.9.2.24-0.2.1

mozilla-xulrunner192-gnome-32bit-1.9.2.24-0.2.1

mozilla-xulrunner192-translations-common-32bit...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2011-3647.html

https://www.suse.com/security/cve/CVE-2011-3648.html

https://www.suse.com/security/cve/CVE-2011-3650.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2011:1242-1
Rating: critical
Affected Products: openSUSE 11.3

Topics%20covered

Topics Covered

security advisory critical XSS memory corruption openSUSE MozillaFirefox loadSubScript

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here