openSUSE 11.4: 2013:1334-1 Critical: Mozilla Firefox Security Update
opensuse
August 14, 2013
An update that fixes 11 vulnerabilities is now available
Description
This patch contains updates for
- Firefox to 23.0
- xulrunner to 17.0.8esr
- Thunderbird to 17.0.8
- mozilla-nspr to 4.10
- mozilla-nss to 3.15,1
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2013-122
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 11.4 (i586 x86_64):
MozillaFirefox-23.0-83.1
MozillaFirefox-branding-upstream-23.0-83.1
MozillaFirefox-buildsymbols-23.0-83.1
MozillaFirefox-debuginfo-23.0-83.1
MozillaFirefox-debugsource-23.0-83.1
MozillaFirefox-devel-23.0-83.1
MozillaFirefox-translations-common-23.0-83.1
MozillaFirefox-translations-other-23.0-83.1
MozillaThunderbird-17.0.8-69.2
MozillaThunderbird-buildsymbols-17.0.8-69.2
MozillaThunderbird-debuginfo-17.0.8-69.2
MozillaThunderbird-debugsource-17.0.8-69.2
MozillaThunderbird-devel-17.0.8-69.2
MozillaThunderbird-devel-debuginfo-17.0.8-69.2
MozillaThunderbird-translations-common-17.0.8-69.2
MozillaThunderbird-translations-other-17.0.8-69.2
enigmail-1.5.2+17.0.8-69.2
enigmail-debuginfo-1.5.2+17.0.8-69.2
libfreebl3-3.15.1-62.1
libfreebl3-debuginfo-3.15.1-62.1
libsoftokn3-3.15.1-62.1
libsoftokn3-debuginfo-3.15.1-62.1
mozilla-nspr-4.10-28.1
mozilla-nspr-debuginfo-4.10-28.1
mozilla-nspr-debugsource-4.10-28.1
mozilla-nspr-devel-4.10-28.1
mozilla-nss-3.15.1-62.1
mozilla-nss-certs-3.15.1-62.1
mozi...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2013-1701.html
https://www.suse.com/security/cve/CVE-2013-1702.html
https://www.suse.com/security/cve/CVE-2013-1704.html
https://www.suse.com/security/cve/CVE-2013-1705.html
https://www.suse.com/security/cve/CVE-2013-1708.html
https://www.suse.com/security/cve/CVE-2013-1709.html
https://www.suse.com/security/cve/CVE-2013-1710.html
https://www.suse.com/security/cve/CVE-2013-1711.html
https://www.suse.com/security/cve/CVE-2013-1713.html
https://www.suse.com/security/cve/CVE-2013-1714.html
https://www.suse.com/security/cve/CVE-2013-1717.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2013:1334-1
Rating: important
Affected Products:
openSUSE 11.4
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!