[security-announce] openSUSE-SU-2012:1345-1: important: MozillaFirefox: update to Firefox 16.0.1

openSUSE Security Update: MozillaFirefox: update to Firefox 16.0.1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1345-1
Rating:             important
References:         #783533
Cross-References:   CVE-2012-3982 CVE-2012-3983 CVE-2012-3984
                    CVE-2012-3985 CVE-2012-3986 CVE-2012-3988
                    CVE-2012-3989 CVE-2012-3990 CVE-2012-3991
                    CVE-2012-3992 CVE-2012-3993 CVE-2012-3994
                    CVE-2012-3995 CVE-2012-4179 CVE-2012-4180
                    CVE-2012-4182 CVE-2012-4183 CVE-2012-4184
                    CVE-2012-4185 CVE-2012-4186 CVE-2012-4187
                    CVE-2012-4188 CVE-2012-4191 CVE-2012-4192
                    CVE-2012-4193
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

An update that fixes 25 vulnerabilities is now available.

Description:

The Mozilla suite received the following security updates (bnc#783533):

Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1.

* MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistence allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

    zypper in -t patch openSUSE-2012-709

- openSUSE 12.1:

    zypper in -t patch openSUSE-2012-709

- openSUSE 11.4:

    zypper in -t patch openSUSE-2012-709

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.2 (i586 x86_64):

    MozillaFirefox-16.0.1-2.17.1
    MozillaFirefox-branding-upstream-16.0.1-2.17.1
    MozillaFirefox-buildsymbols-16.0.1-2.17.1
    MozillaFirefox-debuginfo-16.0.1-2.17.1
    MozillaFirefox-debugsource-16.0.1-2.17.1
    MozillaFirefox-devel-16.0.1-2.17.1
    MozillaFirefox-translations-common-16.0.1-2.17.1
    MozillaFirefox-translations-other-16.0.1-2.17.1
    MozillaThunderbird-16.0.1-49.15.1
    MozillaThunderbird-buildsymbols-16.0.1-49.15.1
    MozillaThunderbird-debuginfo-16.0.1-49.15.1
    MozillaThunderbird-debugsource-16.0.1-49.15.1
    MozillaThunderbird-devel-16.0.1-49.15.1
    MozillaThunderbird-devel-debuginfo-16.0.1-49.15.1
    MozillaThunderbird-translations-common-16.0.1-49.15.1
    MozillaThunderbird-translations-other-16.0.1-49.15.1
    enigmail-1.4.5.+16.0.1-49.15.1
    enigmail-debuginfo-1.4.5.+16.0.1-49.15.1
    mozilla-js-16.0.1-2.14.1
    mozilla-js-debuginfo-16.0.1-2.14.1
    mozilla-kde4-integration-0.6.4-10.4.1
    mozilla-kde4-integration-debuginfo-0.6.4-10.4.1
    mozilla-kde4-integration-debugsource-0.6.4-10.4.1
    seamonkey-2.13.1-2.18.1
    seamonkey-debuginfo-2.13.1-2.18.1
    seamonkey-debugsource-2.13.1-2.18.1
    seamonkey-dom-inspector-2.13.1-2.18.1
    seamonkey-irc-2.13.1-2.18.1
    seamonkey-translations-common-2.13.1-2.18.1
    seamonkey-translations-other-2.13.1-2.18.1
    seamonkey-venkman-2.13.1-2.18.1
    xulrunner-16.0.1-2.14.1
    xulrunner-buildsymbols-16.0.1-2.14.1
    xulrunner-debuginfo-16.0.1-2.14.1
    xulrunner-debugsource-16.0.1-2.14.1
    xulrunner-devel-16.0.1-2.14.1
    xulrunner-devel-debuginfo-16.0.1-2.14.1

- openSUSE 12.2 (x86_64):

    mozilla-js-32bit-16.0.1-2.14.1
    mozilla-js-debuginfo-32bit-16.0.1-2.14.1
    xulrunner-32bit-16.0.1-2.14.1
    xulrunner-debuginfo-32bit-16.0.1-2.14.1

- openSUSE 12.1 (i586 x86_64):

    MozillaFirefox-16.0.1-2.46.1
    MozillaFirefox-branding-upstream-16.0.1-2.46.1
    MozillaFirefox-buildsymbols-16.0.1-2.46.1
    MozillaFirefox-debuginfo-16.0.1-2.46.1
    MozillaFirefox-debugsource-16.0.1-2.46.1
    MozillaFirefox-devel-16.0.1-2.46.1
    MozillaFirefox-translations-common-16.0.1-2.46.1
    MozillaFirefox-translations-other-16.0.1-2.46.1
    MozillaThunderbird-16.0.1-33.35.1
    MozillaThunderbird-buildsymbols-16.0.1-33.35.1
    MozillaThunderbird-debuginfo-16.0.1-33.35.1
    MozillaThunderbird-debugsource-16.0.1-33.35.1
    MozillaThunderbird-devel-16.0.1-33.35.1
    MozillaThunderbird-devel-debuginfo-16.0.1-33.35.1
    MozillaThunderbird-translations-common-16.0.1-33.35.1
    MozillaThunderbird-translations-other-16.0.1-33.35.1
    enigmail-1.4.5.+16.0.1-33.35.1
    enigmail-debuginfo-1.4.5.+16.0.1-33.35.1
    mozilla-js-16.0.1-2.41.1
    mozilla-js-debuginfo-16.0.1-2.41.1
    mozilla-kde4-integration-0.6.4-6.4.1
    mozilla-kde4-integration-debuginfo-0.6.4-6.4.1
    mozilla-kde4-integration-debugsource-0.6.4-6.4.1
    seamonkey-2.13.1-2.37.1
    seamonkey-debuginfo-2.13.1-2.37.1
    seamonkey-debugsource-2.13.1-2.37.1
    seamonkey-dom-inspector-2.13.1-2.37.1
    seamonkey-irc-2.13.1-2.37.1
    seamonkey-translations-common-2.13.1-2.37.1
    seamonkey-translations-other-2.13.1-2.37.1
    seamonkey-venkman-2.13.1-2.37.1
    xulrunner-16.0.1-2.41.1
    xulrunner-buildsymbols-16.0.1-2.41.1
    xulrunner-debuginfo-16.0.1-2.41.1
    xulrunner-debugsource-16.0.1-2.41.1
    xulrunner-devel-16.0.1-2.41.1
    xulrunner-devel-debuginfo-16.0.1-2.41.1

- openSUSE 12.1 (x86_64):

    mozilla-js-32bit-16.0.1-2.41.1
    mozilla-js-debuginfo-32bit-16.0.1-2.41.1
    xulrunner-32bit-16.0.1-2.41.1
    xulrunner-debuginfo-32bit-16.0.1-2.41.1

- openSUSE 12.1 (ia64):

    mozilla-js-debuginfo-x86-16.0.1-2.41.1
    mozilla-js-x86-16.0.1-2.41.1
    xulrunner-debuginfo-x86-16.0.1-2.41.1
    xulrunner-x86-16.0.1-2.41.1

- openSUSE 11.4 (i586 x86_64):

    MozillaFirefox-16.0.1-41.1
    MozillaFirefox-branding-upstream-16.0.1-41.1
    MozillaFirefox-buildsymbols-16.0.1-41.1
    MozillaFirefox-debuginfo-16.0.1-41.1
    MozillaFirefox-debugsource-16.0.1-41.1
    MozillaFirefox-devel-16.0.1-41.1
    MozillaFirefox-translations-common-16.0.1-41.1
    MozillaFirefox-translations-other-16.0.1-41.1
    MozillaThunderbird-16.0.1-33.1
    MozillaThunderbird-buildsymbols-16.0.1-33.1
    MozillaThunderbird-debuginfo-16.0.1-33.1
    MozillaThunderbird-debugsource-16.0.1-33.1
    MozillaThunderbird-devel-16.0.1-33.1
    MozillaThunderbird-devel-debuginfo-16.0.1-33.1
    MozillaThunderbird-translations-common-16.0.1-33.1
    MozillaThunderbird-translations-other-16.0.1-33.1
    enigmail-1.4.5.+16.0.1-33.1
    enigmail-debuginfo-1.4.5.+16.0.1-33.1
    mozilla-kde4-integration-0.6.4-6.1
    mozilla-kde4-integration-debuginfo-0.6.4-6.1
    mozilla-kde4-integration-debugsource-0.6.4-6.1
    seamonkey-2.13.1-37.1
    seamonkey-debuginfo-2.13.1-37.1
    seamonkey-debugsource-2.13.1-37.1
    seamonkey-dom-inspector-2.13.1-37.1
    seamonkey-irc-2.13.1-37.1
    seamonkey-translations-common-2.13.1-37.1
    seamonkey-translations-other-2.13.1-37.1
    seamonkey-venkman-2.13.1-37.1

References:

http://support.novell.com/security/cve/CVE-2012-3982.html
http://support.novell.com/security/cve/CVE-2012-3983.html
http://support.novell.com/security/cve/CVE-2012-3984.html
http://support.novell.com/security/cve/CVE-2012-3985.html
http://support.novell.com/security/cve/CVE-2012-3986.html
http://support.novell.com/security/cve/CVE-2012-3988.html
http://support.novell.com/security/cve/CVE-2012-3989.html
http://support.novell.com/security/cve/CVE-2012-3990.html
http://support.novell.com/security/cve/CVE-2012-3991.html
http://support.novell.com/security/cve/CVE-2012-3992.html
http://support.novell.com/security/cve/CVE-2012-3993.html
http://support.novell.com/security/cve/CVE-2012-3994.html
http://support.novell.com/security/cve/CVE-2012-3995.html
http://support.novell.com/security/cve/CVE-2012-4179.html
http://support.novell.com/security/cve/CVE-2012-4180.html
http://support.novell.com/security/cve/CVE-2012-4182.html
http://support.novell.com/security/cve/CVE-2012-4183.html
http://support.novell.com/security/cve/CVE-2012-4184.html
http://support.novell.com/security/cve/CVE-2012-4185.html
http://support.novell.com/security/cve/CVE-2012-4186.html
http://support.novell.com/security/cve/CVE-2012-4187.html
http://support.novell.com/security/cve/CVE-2012-4188.html
http://support.novell.com/security/cve/CVE-2012-4191.html
http://support.novell.com/security/cve/CVE-2012-4192.html
http://support.novell.com/security/cve/CVE-2012-4193.html
https://bugzilla.novell.com/783533