Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

openSUSE 12.1: 2012:0899-1 Critical Security Issues in MozillaFirefox

opensuse
Calendar Grey July 23, 2012
Dist Opensuse Esm H88
Upgrade MozillaFirefox to address 18 serious vulnerabilities, encompassing memory safety weaknesses and risks of remote code execution.
An update that fixes 18 vulnerabilities is now available

Description

MozillaFirefox was updated to 14.0.1 to fix various bugs

and security issues.

Following security issues were fixed: MFSA 2012-42: Mozilla

developers identified and fixed several memory safety bugs

in the browser engine used in Firefox and other

Mozilla-based products. Some of these bugs showed evidence

of memory corruption under certain circumstances, and we

presume that with enough effort at least some of these

could be exploited to run arbitrary code.

CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,

Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,

and Kyle Huey reported memory safety problems and crashes

that affect Firefox 13.

CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian

Holler, and Bill McCloskey reported memory safety problems

and crashes that affect Firefox ESR 10 and Firefox 13.

MFSA 2012-43 / CVE-2012-1950: Security researcher Mario

Gomes andresearch firm Code Audit Labs reported a...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-410

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-410

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-14.0.1-2.33.1

MozillaFirefox-branding-upstream-14.0.1-2.33.1

MozillaFirefox-buildsymbols-14.0.1-2.33.1

MozillaFirefox-debuginfo-14.0.1-2.33.1

MozillaFirefox-debugsource-14.0.1-2.33.1

MozillaFirefox-devel-14.0.1-2.33.1

MozillaFirefox-translations-common-14.0.1-2.33.1

MozillaFirefox-translations-other-14.0.1-2.33.1

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-14.0.1-28.1

MozillaFirefox-branding-upstream-14.0.1-28.1

MozillaFirefox-buildsymbols-14.0.1-28.1

MozillaFirefox-debuginfo-14.0.1-28.1

MozillaFirefox-debugsource-14.0.1-28.1

MozillaFirefox-devel-14.0.1-28.1

MozillaFirefox-translations-common-14.0.1-28.1

MozillaFirefox-translations-other-14.0.1-28.1

References

https://www.suse.com/security/cve/CVE-2012-1948.html

https://www.suse.com/security/cve/CVE-2012-1949.html

https://www.suse.com/security/cve/CVE-2012-1950.html

https://www.suse.com/security/cve/CVE-2012-1951.html

https://www.suse.com/security/cve/CVE-2012-1952.html

https://www.suse.com/security/cve/CVE-2012-1953.html

https://www.suse.com/security/cve/CVE-2012-1954.html

https://www.suse.com/security/cve/CVE-2012-1955.html

https://www.suse.com/security/cve/CVE-2012-1957.html

https://www.suse.com/security/cve/CVE-2012-1958.html

https://www.suse.com/security/cve/CVE-2012-1959.html

https://www.suse.com/security/cve/CVE-2012-1961.html

https://www.suse.com/security/cve/CVE-2012-1962.html

https://www.suse.com/security/cve/CVE-2012-1963.html

https://www.suse.com/security/cve/CVE-2012-1964.html

https://www.suse.com/security/cve/CVE-2012-1965.html

https://www.suse.com/security/cve/CVE-2012-1966.html

https://www.suse.com/security/cve/CVE-2012-1967.html

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2012:0899-1
Rating: critical
Affected Products: openSUSE 12.1 openSUSE 11.4 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.