openSUSE Security Update: Mozilla updates 10/2013
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1634-1
Rating:             important
References:         #847708 
Cross-References:   CVE-2013-5590 CVE-2013-5591 CVE-2013-5592
                    CVE-2013-5593 CVE-2013-5595 CVE-2013-5596
                    CVE-2013-5597 CVE-2013-5599 CVE-2013-5600
                    CVE-2013-5601 CVE-2013-5602 CVE-2013-5603
                    CVE-2013-5604
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:

   Update NSPR to 4.10.1
   Update Thunderbird to 24.1.0 (incl. enigmail 1.6)
   Update Firefox to 24.1.0esr

   Changes in MozillaFirefox:
   * requires NSS 3.15.2 or above
   * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
   Miscellaneous memory safety hazards
   * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing
   addressbar through SELECT element
   * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access
   violation with XSLT and uninitialized data
   * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly
   initialized memory and overflows in some JavaScript
   functions
   * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to
   cycle collected object during image decoding
   * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free
   when updating offline cache
   * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass
   of PDF.js checks using iframes
   * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
   (bmo#915210, bmo#915576, bmo#916685) Miscellaneous
   use-after-free issues found through ASAN fuzzing
   * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory
   corruption in workers
   * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free
   in HTML document templates

   Changes in MozillaThunderbird:
   * requires NSS 3.15.2 or above
   * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
   Miscellaneous memory safety hazards
   * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing
   addressbar through SELECT element
   * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access
   violation with XSLT and uninitialized data
   * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly
   initialized memory and overflows in some JavaScript
   functions
   * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to
   cycle collected object during image decoding
   * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free
   when updating offline cache
   * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
   (bmo#915210, bmo#915576, bmo#916685) Miscellaneous
   use-after-free issues found through ASAN fuzzing
   * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory
   corruption in workers
   * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free
   in HTML document templates

   - update to Thunderbird 24.0.1
   * fqdn for smtp server name was not accepted (bmo#913785)
   * fixed crash in PL_strncasecmp (bmo#917955)
   - update Enigmail to 1.6
   * The passphrase timeout configuration in Enigmail is now
   read and written from/to gpg-agent.
   * New dialog to change the expiry date of keys
   * New function to search for the OpenPGP keys of all
   Address Book entries on a keyserver
   * removed obsolete enigmail-build.patch

   Changes in mozilla-nspr:
   - update to version 4.10.1
   * bmo#888273: RWIN Scaling (RFC1323) limited to 2 on
   Windows 7 and 8 (Windows only)
   * bmo#907512: Unix platforms shouldn't mask errors
   specific to Unix domain sockets


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch 2013-155

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      MozillaFirefox-24.1.0-91.1
      MozillaFirefox-branding-upstream-24.1.0-91.1
      MozillaFirefox-buildsymbols-24.1.0-91.1
      MozillaFirefox-debuginfo-24.1.0-91.1
      MozillaFirefox-debugsource-24.1.0-91.1
      MozillaFirefox-devel-24.1.0-91.1
      MozillaFirefox-translations-common-24.1.0-91.1
      MozillaFirefox-translations-other-24.1.0-91.1
      MozillaThunderbird-24.1.0-77.2
      MozillaThunderbird-buildsymbols-24.1.0-77.2
      MozillaThunderbird-debuginfo-24.1.0-77.2
      MozillaThunderbird-debugsource-24.1.0-77.2
      MozillaThunderbird-devel-24.1.0-77.2
      MozillaThunderbird-translations-common-24.1.0-77.2
      MozillaThunderbird-translations-other-24.1.0-77.2
      enigmail-1.6.0+24.1.0-77.2
      mozilla-nspr-4.10.1-32.1
      mozilla-nspr-debuginfo-4.10.1-32.1
      mozilla-nspr-debugsource-4.10.1-32.1
      mozilla-nspr-devel-4.10.1-32.1
      seamonkey-2.22-81.1
      seamonkey-debuginfo-2.22-81.1
      seamonkey-debugsource-2.22-81.1
      seamonkey-dom-inspector-2.22-81.1
      seamonkey-irc-2.22-81.1
      seamonkey-translations-common-2.22-81.1
      seamonkey-translations-other-2.22-81.1
      seamonkey-venkman-2.22-81.1

   - openSUSE 11.4 (x86_64):

      mozilla-nspr-32bit-4.10.1-32.1
      mozilla-nspr-debuginfo-32bit-4.10.1-32.1

   - openSUSE 11.4 (ia64):

      mozilla-nspr-debuginfo-x86-4.10.1-32.1
      mozilla-nspr-x86-4.10.1-32.1


References:

   https://www.suse.com/security/cve/CVE-2013-5590.html
   https://www.suse.com/security/cve/CVE-2013-5591.html
   https://www.suse.com/security/cve/CVE-2013-5592.html
   https://www.suse.com/security/cve/CVE-2013-5593.html
   https://www.suse.com/security/cve/CVE-2013-5595.html
   https://www.suse.com/security/cve/CVE-2013-5596.html
   https://www.suse.com/security/cve/CVE-2013-5597.html
   https://www.suse.com/security/cve/CVE-2013-5599.html
   https://www.suse.com/security/cve/CVE-2013-5600.html
   https://www.suse.com/security/cve/CVE-2013-5601.html
   https://www.suse.com/security/cve/CVE-2013-5602.html
   https://www.suse.com/security/cve/CVE-2013-5603.html
   https://www.suse.com/security/cve/CVE-2013-5604.html
   https://bugzilla.novell.com/847708

openSUSE: 2013:1634-1: important: Mozilla updates 10/2013

November 7, 2013