Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE: 2013:1142-1 Important: MozillaFirefox Security Update

opensuse
Calendar Grey July 4, 2013
Dist Opensuse Esm H88
New update released for MozillaFirefox on openSUSE, tackling critical vulnerabilities related to memory safety and potential code execution threats.
An update that fixes 16 vulnerabilities is now available

Description

MozillaFirefox was updated to Firefox 22.0 (bnc#825935)

Following security issues were fixed:

* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous

memory safety hazards

* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686

Memory corruption found using Address Sanitizer

* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)

Privileged content access and execution via XBL

* MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code

execution within Profiler

* MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of

unmapped memory through onreadystatechange event

* MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the

body of XHR HEAD requests leads to CSRF attacks

* MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can

lead to information disclosure

* MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper

has inconsistent behavior

* MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox

restrictions not applied to nested frame...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-556

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-556

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

MozillaFirefox-22.0-1.25.1

MozillaFirefox-branding-upstream-22.0-1.25.1

MozillaFirefox-buildsymbols-22.0-1.25.1

MozillaFirefox-debuginfo-22.0-1.25.1

MozillaFirefox-debugsource-22.0-1.25.1

MozillaFirefox-devel-22.0-1.25.1

MozillaFirefox-translations-common-22.0-1.25.1

MozillaFirefox-translations-other-22.0-1.25.1

mozilla-nspr-4.9.6-1.10.1

mozilla-nspr-debuginfo-4.9.6-1.10.1

mozilla-nspr-debugsource-4.9.6-1.10.1

mozilla-nspr-devel-4.9.6-1.10.1

- openSUSE 12.3 (x86_64):

mozilla-nspr-32bit-4.9.6-1.10.1

mozilla-nspr-debuginfo-32bit-4.9.6-1.10.1

- openSUSE 12.2 (i586 x86_64):

MozillaFirefox-22.0-2.51.1

MozillaFirefox-branding-upstream-22.0-2.51.1

MozillaFirefox-buildsymbols-22.0-2.51.1

MozillaFirefox-debuginfo-22.0-2.51.1

MozillaFirefox-debugsource-22.0-2.51.1

MozillaFirefox-devel-22.0-2.51.1

MozillaFirefox-translations-common-22.0-2.51.1

MozillaFirefox-translations-other-22.0-2.51.1

References

https://www.suse.com/security/cve/CVE-2013-1682.html

https://www.suse.com/security/cve/CVE-2013-1683.html

https://www.suse.com/security/cve/CVE-2013-1684.html

https://www.suse.com/security/cve/CVE-2013-1685.html

https://www.suse.com/security/cve/CVE-2013-1686.html

https://www.suse.com/security/cve/CVE-2013-1687.html

https://www.suse.com/security/cve/CVE-2013-1688.html

https://www.suse.com/security/cve/CVE-2013-1690.html

https://www.suse.com/security/cve/CVE-2013-1692.html

https://www.suse.com/security/cve/CVE-2013-1693.html

https://www.suse.com/security/cve/CVE-2013-1694.html

https://www.suse.com/security/cve/CVE-2013-1695.html

https://www.suse.com/security/cve/CVE-2013-1696.html

https://www.suse.com/security/cve/CVE-2013-1697.html

https://www.suse.com/security/cve/CVE-2013-1698.html

https://www.suse.com/security/cve/CVE-2013-1699.html

https://login.microfocus.com/nidp/app/login?sid=0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:1142-1
Rating: important
Affected Products: openSUSE 12.3 openSUSE 12.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.