Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Mozilla Firefox und Mozilla Thunderbird, xulrunner, nspr, nss
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox und Mozilla Thunderbird, xulrunner, nspr, nss
ID: openSUSE-SU-2013:1334-1
Distribution: SUSE
Plattformen: SUSE openSUSE 11.4
Datum: Mi, 14. August 2013, 11:32
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1717
Applikationen: nspr, nss, xulrunner, Mozilla Firefox, Mozilla Thunderbird

Originalnachricht

   openSUSE Security Update: Mozilla updates August 2013
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1334-1
Rating: important
References: #833389
Cross-References: CVE-2013-1701 CVE-2013-1702 CVE-2013-1704
CVE-2013-1705 CVE-2013-1708 CVE-2013-1709
CVE-2013-1710 CVE-2013-1711 CVE-2013-1713
CVE-2013-1714 CVE-2013-1717
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This patch contains updates for
- Firefox to 23.0
- xulrunner to 17.0.8esr
- Thunderbird to 17.0.8
- mozilla-nspr to 4.10
- mozilla-nss to 3.15,1

* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous
memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free
mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer
underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during
WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI
misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests
allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of
XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal
used for validating URI for some Javascript components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin
bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file
system


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch 2013-122

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64):

MozillaFirefox-23.0-83.1
MozillaFirefox-branding-upstream-23.0-83.1
MozillaFirefox-buildsymbols-23.0-83.1
MozillaFirefox-debuginfo-23.0-83.1
MozillaFirefox-debugsource-23.0-83.1
MozillaFirefox-devel-23.0-83.1
MozillaFirefox-translations-common-23.0-83.1
MozillaFirefox-translations-other-23.0-83.1
MozillaThunderbird-17.0.8-69.2
MozillaThunderbird-buildsymbols-17.0.8-69.2
MozillaThunderbird-debuginfo-17.0.8-69.2
MozillaThunderbird-debugsource-17.0.8-69.2
MozillaThunderbird-devel-17.0.8-69.2
MozillaThunderbird-devel-debuginfo-17.0.8-69.2
MozillaThunderbird-translations-common-17.0.8-69.2
MozillaThunderbird-translations-other-17.0.8-69.2
enigmail-1.5.2+17.0.8-69.2
enigmail-debuginfo-1.5.2+17.0.8-69.2
libfreebl3-3.15.1-62.1
libfreebl3-debuginfo-3.15.1-62.1
libsoftokn3-3.15.1-62.1
libsoftokn3-debuginfo-3.15.1-62.1
mozilla-nspr-4.10-28.1
mozilla-nspr-debuginfo-4.10-28.1
mozilla-nspr-debugsource-4.10-28.1
mozilla-nspr-devel-4.10-28.1
mozilla-nss-3.15.1-62.1
mozilla-nss-certs-3.15.1-62.1
mozilla-nss-certs-debuginfo-3.15.1-62.1
mozilla-nss-debuginfo-3.15.1-62.1
mozilla-nss-debugsource-3.15.1-62.1
mozilla-nss-devel-3.15.1-62.1
mozilla-nss-sysinit-3.15.1-62.1
mozilla-nss-sysinit-debuginfo-3.15.1-62.1
mozilla-nss-tools-3.15.1-62.1
mozilla-nss-tools-debuginfo-3.15.1-62.1
seamonkey-2.20-73.1
seamonkey-debuginfo-2.20-73.1
seamonkey-debugsource-2.20-73.1
seamonkey-dom-inspector-2.20-73.1
seamonkey-irc-2.20-73.1
seamonkey-translations-common-2.20-73.1
seamonkey-translations-other-2.20-73.1
seamonkey-venkman-2.20-73.1

- openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.15.1-62.1
libfreebl3-debuginfo-32bit-3.15.1-62.1
libsoftokn3-32bit-3.15.1-62.1
libsoftokn3-debuginfo-32bit-3.15.1-62.1
mozilla-nspr-32bit-4.10-28.1
mozilla-nspr-debuginfo-32bit-4.10-28.1
mozilla-nss-32bit-3.15.1-62.1
mozilla-nss-certs-32bit-3.15.1-62.1
mozilla-nss-certs-debuginfo-32bit-3.15.1-62.1
mozilla-nss-debuginfo-32bit-3.15.1-62.1
mozilla-nss-sysinit-32bit-3.15.1-62.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.1-62.1

- openSUSE 11.4 (ia64):

libfreebl3-debuginfo-x86-3.15.1-62.1
libfreebl3-x86-3.15.1-62.1
libsoftokn3-debuginfo-x86-3.15.1-62.1
libsoftokn3-x86-3.15.1-62.1
mozilla-nspr-debuginfo-x86-4.10-28.1
mozilla-nspr-x86-4.10-28.1
mozilla-nss-certs-debuginfo-x86-3.15.1-62.1
mozilla-nss-certs-x86-3.15.1-62.1
mozilla-nss-debuginfo-x86-3.15.1-62.1
mozilla-nss-sysinit-debuginfo-x86-3.15.1-62.1
mozilla-nss-sysinit-x86-3.15.1-62.1
mozilla-nss-x86-3.15.1-62.1


References:

http://support.novell.com/security/cve/CVE-2013-1701.html
http://support.novell.com/security/cve/CVE-2013-1702.html
http://support.novell.com/security/cve/CVE-2013-1704.html
http://support.novell.com/security/cve/CVE-2013-1705.html
http://support.novell.com/security/cve/CVE-2013-1708.html
http://support.novell.com/security/cve/CVE-2013-1709.html
http://support.novell.com/security/cve/CVE-2013-1710.html
http://support.novell.com/security/cve/CVE-2013-1711.html
http://support.novell.com/security/cve/CVE-2013-1713.html
http://support.novell.com/security/cve/CVE-2013-1714.html
http://support.novell.com/security/cve/CVE-2013-1717.html
https://bugzilla.novell.com/833389

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung