Stay Secure with the Latest Linux Advisories

security advisoryimportant updateXSS attack

openSUSE 12.2/12.3: 2013:1348-1 Important: Mozilla Software Update

An update that fixes 11 vulnerabilities is now available. An update that fixes 11 vulnerabilities is now available. An update that fixes 11 vulnerabilities is now available.. openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird, mozilla-nspr, mozilla-nss, seamonkey, xulrunner ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1348-1 Rating: important References: #833389 Cross-References: CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709(bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in mozilla-nss: - fix 32bitrequirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item-> len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item-> len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings andclean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-652 - openSUSE 12.2: zypper in -t patch openSUSE-2013-652 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): MozillaFirefox-23.0-1.29.1 MozillaFirefox-branding-upstream-23.0-1.29.1 MozillaFirefox-buildsymbols-23.0-1.29.1 MozillaFirefox-debuginfo-23.0-1.29.1 MozillaFirefox-debugsource-23.0-1.29.1 MozillaFirefox-devel-23.0-1.29.1 MozillaFirefox-translations-common-23.0-1.29.1 MozillaFirefox-translations-other-23.0-1.29.1 MozillaThunderbird-17.0.8-61.21.2 MozillaThunderbird-buildsymbols-17.0.8-61.21.2 MozillaThunderbird-debuginfo-17.0.8-61.21.2 MozillaThunderbird-debugsource-17.0.8-61.21.2 MozillaThunderbird-devel-17.0.8-61.21.2 MozillaThunderbird-devel-debuginfo-17.0.8-61.21.2 MozillaThunderbird-translations-common-17.0.8-61.21.2 MozillaThunderbird-translations-other-17.0.8-61.21.2 enigmail-1.5.2+17.0.8-61.21.2 enigmail-debuginfo-1.5.2+17.0.8-61.21.2 libfreebl3-3.15.1-1.12.1 libfreebl3-debuginfo-3.15.1-1.12.1 libsoftokn3-3.15.1-1.12.1 libsoftokn3-debuginfo-3.15.1-1.12.1 mozilla-js-17.0.8-1.24.1 mozilla-js-debuginfo-17.0.8-1.24.1 mozilla-nspr-4.10-1.14.1 mozilla-nspr-debuginfo-4.10-1.14.1 mozilla-nspr-debugsource-4.10-1.14.1 mozilla-nspr-devel-4.10-1.14.1 mozilla-nss-3.15.1-1.12.1 mozilla-nss-certs-3.15.1-1.12.1 mozilla-nss-certs-debuginfo-3.15.1-1.12.1 mozilla-nss-debuginfo-3.15.1-1.12.1 mozilla-nss-debugsource-3.15.1-1.12.1 mozilla-nss-devel-3.15.1-1.12.1 mozilla-nss-sysinit-3.15.1-1.12.1 mozilla-nss-sysinit-debuginfo-3.15.1-1.12.1 mozilla-nss-tools-3.15.1-1.12.1 mozilla-nss-tools-debuginfo-3.15.1-1.12.1 seamonkey-2.20-1.16.1 seamonkey-debuginfo-2.20-1.16.1 seamonkey-debugsource-2.20-1.16.1 seamonkey-dom-inspector-2.20-1.16.1 seamonkey-irc-2.20-1.16.1 seamonkey-translations-common-2.20-1.16.1 seamonkey-translations-other-2.20-1.16.1 seamonkey-venkman-2.20-1.16.1 xulrunner-17.0.8-1.24.1 xulrunner-buildsymbols-17.0.8-1.24.1 xulrunner-debuginfo-17.0.8-1.24.1 xulrunner-debugsource-17.0.8-1.24.1 xulrunner-devel-17.0.8-1.24.1 xulrunner-devel-debuginfo-17.0.8-1.24.1 - openSUSE 12.3 (x86_64): libfreebl3-32bit-3.15.1-1.12.1 libfreebl3-debuginfo-32bit-3.15.1-1.12.1 libsoftokn3-32bit-3.15.1-1.12.1 libsoftokn3-debuginfo-32bit-3.15.1-1.12.1 mozilla-js-32bit-17.0.8-1.24.1 mozilla-js-debuginfo-32bit-17.0.8-1.24.1 mozilla-nspr-32bit-4.10-1.14.1 mozilla-nspr-debuginfo-32bit-4.10-1.14.1 mozilla-nss-32bit-3.15.1-1.12.1 mozilla-nss-certs-32bit-3.15.1-1.12.1 mozilla-nss-certs-debuginfo-32bit-3.15.1-1.12.1 mozilla-nss-debuginfo-32bit-3.15.1-1.12.1 mozilla-nss-sysinit-32bit-3.15.1-1.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.1-1.12.1 xulrunner-32bit-17.0.8-1.24.1 xulrunner-debuginfo-32bit-17.0.8-1.24.1 - openSUSE 12.2 (i586 x86_64): MozillaFirefox-23.0-2.55.1 MozillaFirefox-branding-upstream-23.0-2.55.1 MozillaFirefox-buildsymbols-23.0-2.55.1 MozillaFirefox-debuginfo-23.0-2.55.1 MozillaFirefox-debugsource-23.0-2.55.1 MozillaFirefox-devel-23.0-2.55.1 MozillaFirefox-translations-common-23.0-2.55.1 MozillaFirefox-translations-other-23.0-2.55.1 MozillaThunderbird-17.0.8-49.51.2 MozillaThunderbird-buildsymbols-17.0.8-49.51.2 MozillaThunderbird-debuginfo-17.0.8-49.51.2 MozillaThunderbird-debugsource-17.0.8-49.51.2 MozillaThunderbird-devel-17.0.8-49.51.2 MozillaThunderbird-devel-debuginfo-17.0.8-49.51.2 MozillaThunderbird-translations-common-17.0.8-49.51.2 MozillaThunderbird-translations-other-17.0.8-49.51.2 enigmail-1.5.2+17.0.8-49.51.2 enigmail-debuginfo-1.5.2+17.0.8-49.51.2 libfreebl3-3.15.1-2.23.1 libfreebl3-debuginfo-3.15.1-2.23.1 libsoftokn3-3.15.1-2.23.1 libsoftokn3-debuginfo-3.15.1-2.23.1 mozilla-js-17.0.8-2.50.1 mozilla-js-debuginfo-17.0.8-2.50.1 mozilla-nspr-4.10-1.16.1 mozilla-nspr-debuginfo-4.10-1.16.1 mozilla-nspr-debugsource-4.10-1.16.1 mozilla-nspr-devel-4.10-1.16.1 mozilla-nss-3.15.1-2.23.1 mozilla-nss-certs-3.15.1-2.23.1 mozilla-nss-certs-debuginfo-3.15.1-2.23.1 mozilla-nss-debuginfo-3.15.1-2.23.1 mozilla-nss-debugsource-3.15.1-2.23.1 mozilla-nss-devel-3.15.1-2.23.1 mozilla-nss-sysinit-3.15.1-2.23.1 mozilla-nss-sysinit-debuginfo-3.15.1-2.23.1 mozilla-nss-tools-3.15.1-2.23.1 mozilla-nss-tools-debuginfo-3.15.1-2.23.1 seamonkey-2.20-2.46.1 seamonkey-debuginfo-2.20-2.46.1 seamonkey-debugsource-2.20-2.46.1 seamonkey-dom-inspector-2.20-2.46.1 seamonkey-irc-2.20-2.46.1 seamonkey-translations-common-2.20-2.46.1 seamonkey-translations-other-2.20-2.46.1 seamonkey-venkman-2.20-2.46.1 xulrunner-17.0.8-2.50.1 xulrunner-buildsymbols-17.0.8-2.50.1 xulrunner-debuginfo-17.0.8-2.50.1 xulrunner-debugsource-17.0.8-2.50.1 xulrunner-devel-17.0.8-2.50.1 xulrunner-devel-debuginfo-17.0.8-2.50.1 - openSUSE 12.2 (x86_64): libfreebl3-32bit-3.15.1-2.23.1 libfreebl3-debuginfo-32bit-3.15.1-2.23.1 libsoftokn3-32bit-3.15.1-2.23.1 libsoftokn3-debuginfo-32bit-3.15.1-2.23.1 mozilla-js-32bit-17.0.8-2.50.1 mozilla-js-debuginfo-32bit-17.0.8-2.50.1 mozilla-nspr-32bit-4.10-1.16.1 mozilla-nspr-debuginfo-32bit-4.10-1.16.1 mozilla-nss-32bit-3.15.1-2.23.1 mozilla-nss-certs-32bit-3.15.1-2.23.1 mozilla-nss-certs-debuginfo-32bit-3.15.1-2.23.1 mozilla-nss-debuginfo-32bit-3.15.1-2.23.1 mozilla-nss-sysinit-32bit-3.15.1-2.23.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.1-2.23.1 xulrunner-32bit-17.0.8-2.50.1 xulrunner-debuginfo-32bit-17.0.8-2.50.1 References: https://www.suse.com/security/cve/CVE-2013-1701.html https://www.suse.com/security/cve/CVE-2013-1702.html https://www.suse.com/security/cve/CVE-2013-1704.html https://www.suse.com/security/cve/CVE-2013-1705.html https://www.suse.com/security/cve/CVE-2013-1708.html https://www.suse.com/security/cve/CVE-2013-1709.html https://www.suse.com/security/cve/CVE-2013-1710.html https://www.suse.com/security/cve/CVE-2013-1711.html https://www.suse.com/security/cve/CVE-2013-1713.html https://www.suse.com/security/cve/CVE-2013-1714.html https://www.suse.com/security/cve/CVE-2013-1717.html . Critical openSUSE notification: Mozilla addresses 11 security flaws in Firefox and Thunderbird. Urgent measures required.. openSUSE Patch, Mozilla security, NVU vulnerabilities, important updates. . Severity: Important. LinuxSecurity.com Team

Aug 16, 2013 •Important OpenSUSE