openSUSE: 2014:0448-1 Important: MozillaFirefox Memory Issues Fix
opensuse
March 26, 2014
An update that fixes 16 vulnerabilities is now available.
Description
Mozilla Firefox was updated to version 28.0, receiving
enhancements, bug and security fixes. Mozilla NSPR was
updated to 4.10.4 receiving enhancements, bug and security
fixes. Mozilla NSS was updated to 3.15.5 receiving
enhancements, bug and security fixes.
Changes in MozillaFirefox:
- update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous
memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds
read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack
on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload
and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content
injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content
Security Policy...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-256
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-256
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.1 (i586 x86_64):
MozillaFirefox-28.0-17.1
MozillaFirefox-branding-upstream-28.0-17.1
MozillaFirefox-buildsymbols-28.0-17.1
MozillaFirefox-debuginfo-28.0-17.1
MozillaFirefox-debugsource-28.0-17.1
MozillaFirefox-devel-28.0-17.1
MozillaFirefox-translations-common-28.0-17.1
MozillaFirefox-translations-other-28.0-17.1
libfreebl3-3.15.5-16.1
libfreebl3-debuginfo-3.15.5-16.1
libsoftokn3-3.15.5-16.1
libsoftokn3-debuginfo-3.15.5-16.1
mozilla-nspr-4.10.4-8.1
mozilla-nspr-debuginfo-4.10.4-8.1
mozilla-nspr-debugsource-4.10.4-8.1
mozilla-nspr-devel-4.10.4-8.1
mozilla-nss-3.15.5-16.1
mozilla-nss-certs-3.15.5-16.1
mozilla-nss-certs-debuginfo-3.15.5-16.1
mozilla-nss-debuginfo-3.15.5-16.1
mozilla-nss-debugsource-3.15.5-16.1
mozilla-nss-devel-3.15.5-16.1
mozilla-nss-sysinit-3.15.5-16.1
mozilla-nss-sysinit-debuginfo-3.15.5-16.1
mozilla-nss-tools-3.15.5-16.1
mozilla-nss-tools-debuginfo-3.15.5-16.1
- openSUSE 13.1 (x86_64):
libfreebl3-32bit-3.15.5-16.1
libfreebl3-debuginfo-32bit-3.15.5-16.1
libsoftokn3-32bit-3.15.5-16.1
li...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2014-1493.html
https://www.suse.com/security/cve/CVE-2014-1494.html
https://www.suse.com/security/cve/CVE-2014-1497.html
https://www.suse.com/security/cve/CVE-2014-1498.html
https://www.suse.com/security/cve/CVE-2014-1499.html
https://www.suse.com/security/cve/CVE-2014-1500.html
https://www.suse.com/security/cve/CVE-2014-1502.html
https://www.suse.com/security/cve/CVE-2014-1504.html
https://www.suse.com/security/cve/CVE-2014-1505.html
https://www.suse.com/security/cve/CVE-2014-1508.html
https://www.suse.com/security/cve/CVE-2014-1509.html
https://www.suse.com/security/cve/CVE-2014-1510.html
https://www.suse.com/security/cve/CVE-2014-1511.html
https://www.suse.com/security/cve/CVE-2014-1512.html
https://www.suse.com/security/cve/CVE-2014-1513.html
https://www.suse.com/security/cve/CVE-2014-1514.html
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2014:0448-1
Rating: important
Affected Products:
openSUSE 13.1
openSUSE 12.3
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!