openSUSE: 2012:0899-1: critical: MozillaFirefox
Description
MozillaFirefox was updated to 14.0.1 to fix various bugs
and security issues.
Following security issues were fixed: MFSA 2012-42: Mozilla
developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.
CVE-2012-1949: Brian Smith, Gary Kwong, Christian Holler,
Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey,
and Kyle Huey reported memory safety problems and crashes
that affect Firefox 13.
CVE-2012-1948: Benoit Jacob, Jesse Ruderman, Christian
Holler, and Bill McCloskey reported memory safety problems
and crashes that affect Firefox ESR 10 and Firefox 13.
MFSA 2012-43 / CVE-2012-1950: Security researcher Mario
Gomes andresearch firm Code Audit Labs reported a mechanism
to short-circuit page loads through drag and drop to the
addressbar by canceling the page load. This causes the
address of the previously site entered to be displayed in
the addressbar instead of the currently loaded page. This
could lead to potential phishing attacks on users.
MFSA 2012-44 Google security researcher Abhishek Arya used
the Address Sanitizer tool to uncover four issues: two
use-after-free problems, one out of bounds read bug, and a
bad cast. The first use-after-free problem is caused when
an array of nsSMILTimeValueSpec objects is destroyed but
attempts are made to call into objects in this array later.
The second use-after-free problem is in
nsDocument::AdoptNode when it adopts into an empty document
and then adopts into another document, emptying the first
one. The heap buffer overflow is in ElementAnimations when
data is read off of end of an array and then pointers are
dereferenced. The bad cast happens when
nsTableFrame::InsertFrames is called with frames in
aFrameList that are a mix of row group frames and column
group frames. AppendFrames is not able to handle this mix.
All four of these issues are potentially exploitable.
CVE-2012-1951: Heap-use-after-free in
nsSMILTimeValueSpec::IsEventBased CVE-2012-1954:
Heap-use-after-free in nsDocument::AdoptNode CVE-2012-1953:
Out of bounds read in ElementAnimations::EnsureStyleRuleFor
CVE-2012-1952: Bad cast in nsTableFrame::InsertFrames
MFSA 2012-45 / CVE-2012-1955: Security researcher Mariusz
Mlynski reported an issue with spoofing of the location
property. In this issue, calls to history.forward and
history.back are used to navigate to a site while
displaying the previous site in the addressbar but changing
the baseURI to the newer site. This can be used for
phishing by allowing the user input form or other data on
the newer, attacking, site while appearing to be on the
older, displayed site.
MFSA 2012-46 / CVE-2012-1966: Mozilla security researcher
moz_bug_r_a4 reported a cross-site scripting (XSS) attack
through the context menu using a data: URL. In this issue,
context menu functionality ("View Image", "Show only this
frame", and "View background image") are disallowed in a
javascript: URL but allowed in a data: URL, allowing for
XSS. This can lead to arbitrary code execution.
MFSA 2012-47 / CVE-2012-1957: Security researcher Mario
Heiderich reported that javascript could be executed in the
HTML feed-view using tag within the RSS
Patch
Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-410 - openSUSE 11.4: zypper in -t patch openSUSE-2012-410 To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 12.1 (i586 x86_64): MozillaFirefox-14.0.1-2.33.1 MozillaFirefox-branding-upstream-14.0.1-2.33.1 MozillaFirefox-buildsymbols-14.0.1-2.33.1 MozillaFirefox-debuginfo-14.0.1-2.33.1 MozillaFirefox-debugsource-14.0.1-2.33.1 MozillaFirefox-devel-14.0.1-2.33.1 MozillaFirefox-translations-common-14.0.1-2.33.1 MozillaFirefox-translations-other-14.0.1-2.33.1 - openSUSE 11.4 (i586 x86_64): MozillaFirefox-14.0.1-28.1 MozillaFirefox-branding-upstream-14.0.1-28.1 MozillaFirefox-buildsymbols-14.0.1-28.1 MozillaFirefox-debuginfo-14.0.1-28.1 MozillaFirefox-debugsource-14.0.1-28.1 MozillaFirefox-devel-14.0.1-28.1 MozillaFirefox-translations-common-14.0.1-28.1 MozillaFirefox-translations-other-14.0.1-28.1
References
https://www.suse.com/security/cve/CVE-2012-1948.html https://www.suse.com/security/cve/CVE-2012-1949.html https://www.suse.com/security/cve/CVE-2012-1950.html https://www.suse.com/security/cve/CVE-2012-1951.html https://www.suse.com/security/cve/CVE-2012-1952.html https://www.suse.com/security/cve/CVE-2012-1953.html https://www.suse.com/security/cve/CVE-2012-1954.html https://www.suse.com/security/cve/CVE-2012-1955.html https://www.suse.com/security/cve/CVE-2012-1957.html https://www.suse.com/security/cve/CVE-2012-1958.html https://www.suse.com/security/cve/CVE-2012-1959.html https://www.suse.com/security/cve/CVE-2012-1961.html https://www.suse.com/security/cve/CVE-2012-1962.html https://www.suse.com/security/cve/CVE-2012-1963.html https://www.suse.com/security/cve/CVE-2012-1964.html https://www.suse.com/security/cve/CVE-2012-1965.html https://www.suse.com/security/cve/CVE-2012-1966.html https://www.suse.com/security/cve/CVE-2012-1967.html https://bugzilla.novell.com/771583