Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

openSUSE 12.3/12.2: 2013:1143-1 Important xulrunner Security Issues

opensuse
Calendar Grey July 4, 2013
Dist Opensuse Esm H88
New update released for openSUSE: resolves 10 security vulnerabilities in xulrunner, enhancing system security and efficiency.
An update that fixes 10 vulnerabilities is now available

Description

Mozilla xulrunner was update to 17.0.7esr (bnc#825935)

Security issues fixed:

* MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety

hazards

* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686

Memory corruption found using Address Sanitizer

* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)

Privileged content access and execution via XBL

* MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of

unmapped memory through onreadystatechange event

* MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the

body of XHR HEAD requests leads to CSRF attacks

* MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can

lead to information disclosure

* MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper

has inconsistent behavior

* MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a

privileged context

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-555

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-555

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

mozilla-js-17.0.7-1.20.1

mozilla-js-debuginfo-17.0.7-1.20.1

xulrunner-17.0.7-1.20.1

xulrunner-buildsymbols-17.0.7-1.20.1

xulrunner-debuginfo-17.0.7-1.20.1

xulrunner-debugsource-17.0.7-1.20.1

xulrunner-devel-17.0.7-1.20.1

xulrunner-devel-debuginfo-17.0.7-1.20.1

- openSUSE 12.3 (x86_64):

mozilla-js-32bit-17.0.7-1.20.1

mozilla-js-debuginfo-32bit-17.0.7-1.20.1

xulrunner-32bit-17.0.7-1.20.1

xulrunner-debuginfo-32bit-17.0.7-1.20.1

- openSUSE 12.2 (i586 x86_64):

mozilla-js-17.0.7-2.46.1

mozilla-js-debuginfo-17.0.7-2.46.1

xulrunner-17.0.7-2.46.1

xulrunner-buildsymbols-17.0.7-2.46.1

xulrunner-debuginfo-17.0.7-2.46.1

xulrunner-debugsource-17.0.7-2.46.1

xulrunner-devel-17.0.7-2.46.1

xulrunner-devel-debuginfo-17.0.7-2.46.1

- openSUSE 12.2 (x86_64):

mozilla-js-32bit-17.0.7-2.46.1

mozilla-js-debuginfo-32bit-17.0.7-2.46.1

xulrunner-32bit-17.0.7-2.46.1

xulrunner-debuginfo-32bit-17.0.7-2.46.1

References

https://www.suse.com/security/cve/CVE-2013-1682.html

https://www.suse.com/security/cve/CVE-2013-1684.html

https://www.suse.com/security/cve/CVE-2013-1685.html

https://www.suse.com/security/cve/CVE-2013-1686.html

https://www.suse.com/security/cve/CVE-2013-1687.html

https://www.suse.com/security/cve/CVE-2013-1690.html

https://www.suse.com/security/cve/CVE-2013-1692.html

https://www.suse.com/security/cve/CVE-2013-1693.html

https://www.suse.com/security/cve/CVE-2013-1694.html

https://www.suse.com/security/cve/CVE-2013-1697.html

https://login.microfocus.com/nidp/app/login?sid=0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:1143-1
Rating: important
Affected Products: openSUSE 12.3 openSUSE 12.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.