
openSUSE 12.3: 2013:0946-1 Important: MozillaFirefox Memory Flaws

June 10, 2013
Upgrades MozillaFirefox to version 21.0 on openSUSE 12.3 to address memory safety flaws and other security issues.
An update that fixes 12 vulnerabilities is now available.

Description

MozillaFirefox was updated to Firefox 21.0 (bnc#819204)

* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards

* MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor

* MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path

* MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event

* MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent

* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer

Changes in MozillaFirefox-branding-openSUSE:

- modified file locations for Firefox 21 and above

- added DuckDuckGo as search option (bnc#801121)

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-438

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

MozillaFirefox-21.0-1.18.1

MozillaFirefox-branding-openSUSE-21-2.5.1

MozillaFirefox-branding-upstream-21.0-1.18.1

MozillaFirefox-buildsymbols-21.0-1.18.1

MozillaFirefox-debuginfo-21.0-1.18.1

MozillaFirefox-debugsource-21.0-1.18.1

MozillaFirefox-devel-21.0-1.18.1

MozillaFirefox-translations-common-21.0-1.18.1

MozillaFirefox-translations-other-21.0-1.18.1

mozilla-nspr-4.9.6-1.7.1

mozilla-nspr-debuginfo-4.9.6-1.7.1

mozilla-nspr-debugsource-4.9.6-1.7.1

mozilla-nspr-devel-4.9.6-1.7.1

- openSUSE 12.3 (x86_64):

mozilla-nspr-32bit-4.9.6-1.7.1

mozilla-nspr-debuginfo-32bit-4.9.6-1.7.1
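
To confirm the patch landed, the fixed versions from the package list can be compared with what is installed. The script below is an added example, not part of the openSUSE advisory; the function names, the `sort -V` comparison (an approximation of rpm version ordering) and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed versions, copied from the advisory's package list (name version-release).
FIXED='MozillaFirefox 21.0-1.18.1
MozillaFirefox-branding-openSUSE 21-2.5.1
mozilla-nspr 4.9.6-1.7.1'

# ver_ge A B: succeed if version-release A >= B.
# Assumption: GNU "sort -V" stands in for rpm's own ordering, which is
# adequate for the purely numeric strings in this advisory.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_fixed: read "name version-release" lines on stdin (the installed
# packages) and print one verdict per package named in FIXED.
# Returns 1 if any installed package is older than its fixed version.
check_fixed() {
    installed=$(cat)
    rc=0
    while read -r name want; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "SKIP     $name (not installed)"
        elif ver_ge "$have" "$want"; then
            echo "OK       $name $have"
        else
            echo "OUTDATED $name $have < $want"
            rc=1
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}

# Constructed sample: Firefox at an older build, NSPR already updated.
SAMPLE='MozillaFirefox 20.0-1.12.1
mozilla-nspr 4.9.6-1.7.1'

printf '%s\n' "$SAMPLE" | check_fixed ||
    echo "=> apply: zypper in -t patch openSUSE-2013-438"

# On a real host, feed the installed set instead of SAMPLE:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_fixed
```
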

References

https://www.suse.com/security/cve/CVE-2013-0801.html

https://www.suse.com/security/cve/CVE-2013-1669.html

https://www.suse.com/security/cve/CVE-2013-1670.html

https://www.suse.com/security/cve/CVE-2013-1671.html

https://www.suse.com/security/cve/CVE-2013-1674.html

https://www.suse.com/security/cve/CVE-2013-1675.html

https://www.suse.com/security/cve/CVE-2013-1676.html

https://www.suse.com/security/cve/CVE-2013-1677.html

https://www.suse.com/security/cve/CVE-2013-1678.html

https://www.suse.com/security/cve/CVE-2013-1679.html

https://www.suse.com/security/cve/CVE-2013-1680.html

https://www.suse.com/security/cve/CVE-2013-1681.html

--

Severity
important

Announcement ID: openSUSE-SU-2013:0946-1
Rating: important
Affected Products: openSUSE 12.3
