Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: openSUSE-SU-2012:1345-1
Distribution: SUSE
Plattformen: SUSE openSUSE 11.4, SUSE openSUSE 12.1, SUSE openSUSE 12.2
Datum: Mo, 15. Oktober 2012, 16:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
Applikationen: Mozilla Firefox

Originalnachricht

   openSUSE Security Update: MozillaFirefox: update to Firefox 16.0.1
______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:1345-1
Rating: important
References: #783533
Cross-References: CVE-2012-3982 CVE-2012-3983 CVE-2012-3984
CVE-2012-3985 CVE-2012-3986 CVE-2012-3988
CVE-2012-3989 CVE-2012-3990 CVE-2012-3991
CVE-2012-3992 CVE-2012-3993 CVE-2012-3994
CVE-2012-3995 CVE-2012-4179 CVE-2012-4180
CVE-2012-4182 CVE-2012-4183 CVE-2012-4184
CVE-2012-4185 CVE-2012-4186 CVE-2012-4187
CVE-2012-4188 CVE-2012-4191 CVE-2012-4192
CVE-2012-4193
Affected Products:
openSUSE 12.2
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________

An update that fixes 25 vulnerabilities is now available.

Description:


The Mozilla suite received following security updates
(bnc#783533):

Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey
was updated to 2.13.1. Mozilla Thunderbird was updated to
16.0.1. Mozilla XULRunner was updated to 16.0.1.

* MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous
memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952,
bmo#720619) defaultValue security checks not applied
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous
memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element
persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued
access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some
DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash
with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with
invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty
function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and
location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101,
bmo#780370) Chrome Object Wrapper (COW) does not
disallow acces to privileged functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and
script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read
issues found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188 Heap memory corruption issues found using
Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2012-709

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-709

- openSUSE 11.4:

zypper in -t patch openSUSE-2012-709

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

MozillaFirefox-16.0.1-2.17.1
MozillaFirefox-branding-upstream-16.0.1-2.17.1
MozillaFirefox-buildsymbols-16.0.1-2.17.1
MozillaFirefox-debuginfo-16.0.1-2.17.1
MozillaFirefox-debugsource-16.0.1-2.17.1
MozillaFirefox-devel-16.0.1-2.17.1
MozillaFirefox-translations-common-16.0.1-2.17.1
MozillaFirefox-translations-other-16.0.1-2.17.1
MozillaThunderbird-16.0.1-49.15.1
MozillaThunderbird-buildsymbols-16.0.1-49.15.1
MozillaThunderbird-debuginfo-16.0.1-49.15.1
MozillaThunderbird-debugsource-16.0.1-49.15.1
MozillaThunderbird-devel-16.0.1-49.15.1
MozillaThunderbird-devel-debuginfo-16.0.1-49.15.1
MozillaThunderbird-translations-common-16.0.1-49.15.1
MozillaThunderbird-translations-other-16.0.1-49.15.1
enigmail-1.4.5.+16.0.1-49.15.1
enigmail-debuginfo-1.4.5.+16.0.1-49.15.1
mozilla-js-16.0.1-2.14.1
mozilla-js-debuginfo-16.0.1-2.14.1
mozilla-kde4-integration-0.6.4-10.4.1
mozilla-kde4-integration-debuginfo-0.6.4-10.4.1
mozilla-kde4-integration-debugsource-0.6.4-10.4.1
seamonkey-2.13.1-2.18.1
seamonkey-debuginfo-2.13.1-2.18.1
seamonkey-debugsource-2.13.1-2.18.1
seamonkey-dom-inspector-2.13.1-2.18.1
seamonkey-irc-2.13.1-2.18.1
seamonkey-translations-common-2.13.1-2.18.1
seamonkey-translations-other-2.13.1-2.18.1
seamonkey-venkman-2.13.1-2.18.1
xulrunner-16.0.1-2.14.1
xulrunner-buildsymbols-16.0.1-2.14.1
xulrunner-debuginfo-16.0.1-2.14.1
xulrunner-debugsource-16.0.1-2.14.1
xulrunner-devel-16.0.1-2.14.1
xulrunner-devel-debuginfo-16.0.1-2.14.1

- openSUSE 12.2 (x86_64):

mozilla-js-32bit-16.0.1-2.14.1
mozilla-js-debuginfo-32bit-16.0.1-2.14.1
xulrunner-32bit-16.0.1-2.14.1
xulrunner-debuginfo-32bit-16.0.1-2.14.1

- openSUSE 12.1 (i586 x86_64):

MozillaFirefox-16.0.1-2.46.1
MozillaFirefox-branding-upstream-16.0.1-2.46.1
MozillaFirefox-buildsymbols-16.0.1-2.46.1
MozillaFirefox-debuginfo-16.0.1-2.46.1
MozillaFirefox-debugsource-16.0.1-2.46.1
MozillaFirefox-devel-16.0.1-2.46.1
MozillaFirefox-translations-common-16.0.1-2.46.1
MozillaFirefox-translations-other-16.0.1-2.46.1
MozillaThunderbird-16.0.1-33.35.1
MozillaThunderbird-buildsymbols-16.0.1-33.35.1
MozillaThunderbird-debuginfo-16.0.1-33.35.1
MozillaThunderbird-debugsource-16.0.1-33.35.1
MozillaThunderbird-devel-16.0.1-33.35.1
MozillaThunderbird-devel-debuginfo-16.0.1-33.35.1
MozillaThunderbird-translations-common-16.0.1-33.35.1
MozillaThunderbird-translations-other-16.0.1-33.35.1
enigmail-1.4.5.+16.0.1-33.35.1
enigmail-debuginfo-1.4.5.+16.0.1-33.35.1
mozilla-js-16.0.1-2.41.1
mozilla-js-debuginfo-16.0.1-2.41.1
mozilla-kde4-integration-0.6.4-6.4.1
mozilla-kde4-integration-debuginfo-0.6.4-6.4.1
mozilla-kde4-integration-debugsource-0.6.4-6.4.1
seamonkey-2.13.1-2.37.1
seamonkey-debuginfo-2.13.1-2.37.1
seamonkey-debugsource-2.13.1-2.37.1
seamonkey-dom-inspector-2.13.1-2.37.1
seamonkey-irc-2.13.1-2.37.1
seamonkey-translations-common-2.13.1-2.37.1
seamonkey-translations-other-2.13.1-2.37.1
seamonkey-venkman-2.13.1-2.37.1
xulrunner-16.0.1-2.41.1
xulrunner-buildsymbols-16.0.1-2.41.1
xulrunner-debuginfo-16.0.1-2.41.1
xulrunner-debugsource-16.0.1-2.41.1
xulrunner-devel-16.0.1-2.41.1
xulrunner-devel-debuginfo-16.0.1-2.41.1

- openSUSE 12.1 (x86_64):

mozilla-js-32bit-16.0.1-2.41.1
mozilla-js-debuginfo-32bit-16.0.1-2.41.1
xulrunner-32bit-16.0.1-2.41.1
xulrunner-debuginfo-32bit-16.0.1-2.41.1

- openSUSE 12.1 (ia64):

mozilla-js-debuginfo-x86-16.0.1-2.41.1
mozilla-js-x86-16.0.1-2.41.1
xulrunner-debuginfo-x86-16.0.1-2.41.1
xulrunner-x86-16.0.1-2.41.1

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-16.0.1-41.1
MozillaFirefox-branding-upstream-16.0.1-41.1
MozillaFirefox-buildsymbols-16.0.1-41.1
MozillaFirefox-debuginfo-16.0.1-41.1
MozillaFirefox-debugsource-16.0.1-41.1
MozillaFirefox-devel-16.0.1-41.1
MozillaFirefox-translations-common-16.0.1-41.1
MozillaFirefox-translations-other-16.0.1-41.1
MozillaThunderbird-16.0.1-33.1
MozillaThunderbird-buildsymbols-16.0.1-33.1
MozillaThunderbird-debuginfo-16.0.1-33.1
MozillaThunderbird-debugsource-16.0.1-33.1
MozillaThunderbird-devel-16.0.1-33.1
MozillaThunderbird-devel-debuginfo-16.0.1-33.1
MozillaThunderbird-translations-common-16.0.1-33.1
MozillaThunderbird-translations-other-16.0.1-33.1
enigmail-1.4.5.+16.0.1-33.1
enigmail-debuginfo-1.4.5.+16.0.1-33.1
mozilla-kde4-integration-0.6.4-6.1
mozilla-kde4-integration-debuginfo-0.6.4-6.1
mozilla-kde4-integration-debugsource-0.6.4-6.1
seamonkey-2.13.1-37.1
seamonkey-debuginfo-2.13.1-37.1
seamonkey-debugsource-2.13.1-37.1
seamonkey-dom-inspector-2.13.1-37.1
seamonkey-irc-2.13.1-37.1
seamonkey-translations-common-2.13.1-37.1
seamonkey-translations-other-2.13.1-37.1
seamonkey-venkman-2.13.1-37.1


References:

http://support.novell.com/security/cve/CVE-2012-3982.html
http://support.novell.com/security/cve/CVE-2012-3983.html
http://support.novell.com/security/cve/CVE-2012-3984.html
http://support.novell.com/security/cve/CVE-2012-3985.html
http://support.novell.com/security/cve/CVE-2012-3986.html
http://support.novell.com/security/cve/CVE-2012-3988.html
http://support.novell.com/security/cve/CVE-2012-3989.html
http://support.novell.com/security/cve/CVE-2012-3990.html
http://support.novell.com/security/cve/CVE-2012-3991.html
http://support.novell.com/security/cve/CVE-2012-3992.html
http://support.novell.com/security/cve/CVE-2012-3993.html
http://support.novell.com/security/cve/CVE-2012-3994.html
http://support.novell.com/security/cve/CVE-2012-3995.html
http://support.novell.com/security/cve/CVE-2012-4179.html
http://support.novell.com/security/cve/CVE-2012-4180.html
http://support.novell.com/security/cve/CVE-2012-4182.html
http://support.novell.com/security/cve/CVE-2012-4183.html
http://support.novell.com/security/cve/CVE-2012-4184.html
http://support.novell.com/security/cve/CVE-2012-4185.html
http://support.novell.com/security/cve/CVE-2012-4186.html
http://support.novell.com/security/cve/CVE-2012-4187.html
http://support.novell.com/security/cve/CVE-2012-4188.html
http://support.novell.com/security/cve/CVE-2012-4191.html
http://support.novell.com/security/cve/CVE-2012-4192.html
http://support.novell.com/security/cve/CVE-2012-4193.html
https://bugzilla.novell.com/783533

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung