Security: Multiple issues in Mozilla Firefox, Mozilla Thunderbird and Mozilla SeaMonkey
Name: Multiple issues in Mozilla Firefox, Mozilla Thunderbird and Mozilla SeaMonkey
ID: openSUSE-SU-2013:0323-1
Distribution: SUSE
Platforms: SUSE openSUSE 12.1, SUSE openSUSE 12.2
Date: Fri, 22 February 2013, 18:34
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783

Original message

   openSUSE Security Update: Mozilla: February 2013 update round (Firefox 19)
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0323-1
Rating: important
References: #796895 #804248
Cross-References: CVE-2013-0765 CVE-2013-0772 CVE-2013-0773
CVE-2013-0774 CVE-2013-0775 CVE-2013-0776
CVE-2013-0777 CVE-2013-0778 CVE-2013-0779
CVE-2013-0780 CVE-2013-0781 CVE-2013-0782
CVE-2013-0783
Affected Products:
openSUSE 12.2
openSUSE 12.1
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:


MozillaFirefox was updated to Firefox 19.0 (bnc#804248)
MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248)
seamonkey was updated to SeaMonkey 2.16 (bnc#804248)
xulrunner was updated to 17.0.3esr (bnc#804248)
chmsee was updated to version 2.0.

Changes in MozillaFirefox 19.0:
* MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow
issues found using Address Sanitizer
- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch
- added patch to fix session restore window order
(bmo#712763)

- update to Firefox 18.0.2
* blocklist and CTP updates
* fixes in JS engine

- update to Firefox 18.0.1
* blocklist updates
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions

- Fix WebRTC to build on powerpc

Changes in MozillaThunderbird:
- update to Thunderbird 17.0.3 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
hazards
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
Use-after-free, out of bounds read, and buffer overflow
issues found using Address Sanitizer

- update Enigmail to 1.5.1
* The release fixes the regressions found in the past few
weeks

Changes in seamonkey:
- update to SeaMonkey 2.16 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow
issues found using Address Sanitizer
- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch

- update to SeaMonkey 2.15.2
* Applications could not be removed from the "Application
details" dialog under Preferences, Helper Applications
(bmo#826771).
* View / Message Body As could show menu items out of
context (bmo#831348)

- update to SeaMonkey 2.15.1
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions

- backed out restartless language packs as it broke
multi-locale setup (bmo#677092, bmo#818468)

Changes in xulrunner:
- update to 17.0.3esr (bnc#804248)
* MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
hazards
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
Use-after-free, out of bounds read, and buffer overflow
issues found using Address Sanitizer


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-141

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-141

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

MozillaFirefox-19.0-2.33.1
MozillaFirefox-branding-upstream-19.0-2.33.1
MozillaFirefox-buildsymbols-19.0-2.33.1
MozillaFirefox-debuginfo-19.0-2.33.1
MozillaFirefox-debugsource-19.0-2.33.1
MozillaFirefox-devel-19.0-2.33.1
MozillaFirefox-translations-common-19.0-2.33.1
MozillaFirefox-translations-other-19.0-2.33.1
MozillaThunderbird-17.0.3-49.31.1
MozillaThunderbird-buildsymbols-17.0.3-49.31.1
MozillaThunderbird-debuginfo-17.0.3-49.31.1
MozillaThunderbird-debugsource-17.0.3-49.31.1
MozillaThunderbird-devel-17.0.3-49.31.1
MozillaThunderbird-devel-debuginfo-17.0.3-49.31.1
MozillaThunderbird-translations-common-17.0.3-49.31.1
MozillaThunderbird-translations-other-17.0.3-49.31.1
chmsee-2.0-2.14.3
chmsee-debuginfo-2.0-2.14.3
chmsee-debugsource-2.0-2.14.3
enigmail-1.5.1+17.0.3-49.31.1
enigmail-debuginfo-1.5.1+17.0.3-49.31.1
mozilla-js-17.0.3-2.30.1
mozilla-js-debuginfo-17.0.3-2.30.1
seamonkey-2.16-2.34.2
seamonkey-debuginfo-2.16-2.34.2
seamonkey-debugsource-2.16-2.34.2
seamonkey-dom-inspector-2.16-2.34.2
seamonkey-irc-2.16-2.34.2
seamonkey-translations-common-2.16-2.34.2
seamonkey-translations-other-2.16-2.34.2
seamonkey-venkman-2.16-2.34.2
xulrunner-17.0.3-2.30.1
xulrunner-buildsymbols-17.0.3-2.30.1
xulrunner-debuginfo-17.0.3-2.30.1
xulrunner-debugsource-17.0.3-2.30.1
xulrunner-devel-17.0.3-2.30.1
xulrunner-devel-debuginfo-17.0.3-2.30.1

- openSUSE 12.2 (x86_64):

mozilla-js-32bit-17.0.3-2.30.1
mozilla-js-debuginfo-32bit-17.0.3-2.30.1
xulrunner-32bit-17.0.3-2.30.1
xulrunner-debuginfo-32bit-17.0.3-2.30.1

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-19.0-2.62.1
MozillaFirefox-branding-upstream-19.0-2.62.1
MozillaFirefox-buildsymbols-19.0-2.62.1
MozillaFirefox-debuginfo-19.0-2.62.1
MozillaFirefox-debugsource-19.0-2.62.1
MozillaFirefox-devel-19.0-2.62.1
MozillaFirefox-translations-common-19.0-2.62.1
MozillaFirefox-translations-other-19.0-2.62.1
MozillaThunderbird-17.0.3-33.51.1
MozillaThunderbird-buildsymbols-17.0.3-33.51.1
MozillaThunderbird-debuginfo-17.0.3-33.51.1
MozillaThunderbird-debugsource-17.0.3-33.51.1
MozillaThunderbird-devel-17.0.3-33.51.1
MozillaThunderbird-devel-debuginfo-17.0.3-33.51.1
MozillaThunderbird-translations-common-17.0.3-33.51.1
MozillaThunderbird-translations-other-17.0.3-33.51.1
chmsee-2.0-2.32.3
chmsee-debuginfo-2.0-2.32.3
chmsee-debugsource-2.0-2.32.3
enigmail-1.5.1+17.0.3-33.51.1
enigmail-debuginfo-1.5.1+17.0.3-33.51.1
mozilla-js-17.0.3-2.57.1
mozilla-js-debuginfo-17.0.3-2.57.1
seamonkey-2.16-2.53.1
seamonkey-debuginfo-2.16-2.53.1
seamonkey-debugsource-2.16-2.53.1
seamonkey-dom-inspector-2.16-2.53.1
seamonkey-irc-2.16-2.53.1
seamonkey-translations-common-2.16-2.53.1
seamonkey-translations-other-2.16-2.53.1
seamonkey-venkman-2.16-2.53.1
xulrunner-17.0.3-2.57.1
xulrunner-buildsymbols-17.0.3-2.57.1
xulrunner-debuginfo-17.0.3-2.57.1
xulrunner-debugsource-17.0.3-2.57.1
xulrunner-devel-17.0.3-2.57.1
xulrunner-devel-debuginfo-17.0.3-2.57.1

- openSUSE 12.1 (x86_64):

mozilla-js-32bit-17.0.3-2.57.1
mozilla-js-debuginfo-32bit-17.0.3-2.57.1
xulrunner-32bit-17.0.3-2.57.1
xulrunner-debuginfo-32bit-17.0.3-2.57.1

- openSUSE 12.1 (ia64):

mozilla-js-debuginfo-x86-17.0.3-2.57.1
mozilla-js-x86-17.0.3-2.57.1
xulrunner-debuginfo-x86-17.0.3-2.57.1
xulrunner-x86-17.0.3-2.57.1
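
As a check after patching, the following added example (not part of the SUSE advisory) compares an installed-package inventory against the fixed versions in the openSUSE 12.2 package list above and reports anything still below them. The function names and the sample inventory are constructed for illustration, and `sort -V` is used as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Added example: fixed versions copied from the openSUSE 12.2 package list above.
FIXED_12_2='MozillaFirefox 19.0-2.33.1
MozillaThunderbird 17.0.3-49.31.1
seamonkey 2.16-2.34.2
xulrunner 17.0.3-2.30.1
mozilla-js 17.0.3-2.30.1
enigmail 1.5.1+17.0.3-49.31.1
chmsee 2.0-2.14.3'

# version_lt A B: true if A sorts strictly before B under GNU `sort -V`.
# This approximates, but is not identical to, rpm's own version comparison.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: reads "name version-release" lines on stdin and prints
# every package from the advisory that is installed below its fixed version.
outdated_packages() {
    while read -r name installed; do
        fixed=$(printf '%s\n' "$FIXED_12_2" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue          # not covered by this advisory
        if version_lt "$installed" "$fixed"; then
            printf '%s %s < %s\n' "$name" "$installed" "$fixed"
        fi
    done
}

# Constructed sample inventory (not real host data).
SAMPLE='MozillaFirefox 18.0.2-2.29.1
MozillaThunderbird 17.0.3-49.31.1
seamonkey 2.15.2-2.30.1
bash 4.2-51.6.1'

# On a real host, feed it from rpm instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages
printf '%s\n' "$SAMPLE" | outdated_packages
```

For openSUSE 12.1, replace the release numbers in `FIXED_12_2` with those from the 12.1 package list.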


References:

http://support.novell.com/security/cve/CVE-2013-0765.html
http://support.novell.com/security/cve/CVE-2013-0772.html
http://support.novell.com/security/cve/CVE-2013-0773.html
http://support.novell.com/security/cve/CVE-2013-0774.html
http://support.novell.com/security/cve/CVE-2013-0775.html
http://support.novell.com/security/cve/CVE-2013-0776.html
http://support.novell.com/security/cve/CVE-2013-0777.html
http://support.novell.com/security/cve/CVE-2013-0778.html
http://support.novell.com/security/cve/CVE-2013-0779.html
http://support.novell.com/security/cve/CVE-2013-0780.html
http://support.novell.com/security/cve/CVE-2013-0781.html
http://support.novell.com/security/cve/CVE-2013-0782.html
http://support.novell.com/security/cve/CVE-2013-0783.html
https://bugzilla.novell.com/796895
https://bugzilla.novell.com/804248
