openSUSE 12.3: 2013:1633-1 Important: Mozilla Suite Memory Safety
opensuse
November 7, 2013
An update that fixes 23 vulnerabilities is now available
Description
MozillaFirefox was updated to Firefox 25.0.
MozillaThunderbird was updated to Thunderbird 24.1.0.
Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR
was updated to 4.10.1.
Changes in MozillaFirefox:
* requires NSS 3.15.2 or above
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing
addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access
violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly
initialized memory and overflows in some JavaScript
functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to
cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free
when updating offline cache
* MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass
of PDF.js checks using iframes
* MFSA...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2013-819
- openSUSE 12.2:
zypper in -t patch openSUSE-2013-819
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 12.3 (i586 x86_64):
MozillaFirefox-25.0-1.39.1
MozillaFirefox-branding-upstream-25.0-1.39.1
MozillaFirefox-buildsymbols-25.0-1.39.1
MozillaFirefox-debuginfo-25.0-1.39.1
MozillaFirefox-debugsource-25.0-1.39.1
MozillaFirefox-devel-25.0-1.39.1
MozillaFirefox-translations-common-25.0-1.39.1
MozillaFirefox-translations-other-25.0-1.39.1
MozillaThunderbird-24.1.0-61.31.1
MozillaThunderbird-buildsymbols-24.1.0-61.31.1
MozillaThunderbird-debuginfo-24.1.0-61.31.1
MozillaThunderbird-debugsource-24.1.0-61.31.1
MozillaThunderbird-devel-24.1.0-61.31.1
MozillaThunderbird-translations-common-24.1.0-61.31.1
MozillaThunderbird-translations-other-24.1.0-61.31.1
enigmail-1.6.0+24.1.0-61.31.1
enigmail-debuginfo-1.6.0+24.1.0-61.31.1
mozilla-js-17.0.10-1.30.2
mozilla-js-debuginfo-17.0.10-1.30.2
mozilla-nspr-4.10.1-1.18.1
mozilla-nspr-debuginfo-4.10.1-1.18.1
mozilla-nspr-debugsource-4.10.1-1.18.1
mozilla-nspr-devel-4.10.1-1.18.1
xulrunner-17.0.10-1.30.2
xulrunner-buildsymbols-17.0.10-1.30.2
xulrunner-debuginfo-17.0.10-1.30...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2013-1705.html
https://www.suse.com/security/cve/CVE-2013-1718.html
https://www.suse.com/security/cve/CVE-2013-1722.html
https://www.suse.com/security/cve/CVE-2013-1725.html
https://www.suse.com/security/cve/CVE-2013-1730.html
https://www.suse.com/security/cve/CVE-2013-1732.html
https://www.suse.com/security/cve/CVE-2013-1735.html
https://www.suse.com/security/cve/CVE-2013-1736.html
https://www.suse.com/security/cve/CVE-2013-1737.html
https://www.suse.com/security/cve/CVE-2013-5590.html
https://www.suse.com/security/cve/CVE-2013-5591.html
https://www.suse.com/security/cve/CVE-2013-5592.html
https://www.suse.com/security/cve/CVE-2013-5593.html
https://www.suse.com/security/cve/CVE-2013-5595.html
https://www.suse.com/security/cve/CVE-2013-5596.html
https://www.suse.com/security/cve/CVE-2013-5597.html
https://www.suse.com/security/cve/CVE-2013-5598.html
https://www.suse.com/security/cve/CVE-2013-5599.html
https://www.suse.com/security/cve/CVE-2013-5600.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2013:1633-1
Rating: important
Affected Products:
openSUSE 12.3
openSUSE 12.2
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!