Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: openSUSE-SU-2012:1345-1
Distribution: SUSE
Plattformen: openSUSE 11.4, openSUSE 12.1, openSUSE 12.2
Datum: Mo, 15. Oktober 2012, 16:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
Applikationen: Mozilla Firefox

Originalnachricht

 
   openSUSE Security Update: MozillaFirefox: update to Firefox 16.0.1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:1345-1
Rating:             important
References:         #783533 
Cross-References:   CVE-2012-3982 CVE-2012-3983 CVE-2012-3984
                    CVE-2012-3985 CVE-2012-3986 CVE-2012-3988
                    CVE-2012-3989 CVE-2012-3990 CVE-2012-3991
                    CVE-2012-3992 CVE-2012-3993 CVE-2012-3994
                    CVE-2012-3995 CVE-2012-4179 CVE-2012-4180
                    CVE-2012-4182 CVE-2012-4183 CVE-2012-4184
                    CVE-2012-4185 CVE-2012-4186 CVE-2012-4187
                    CVE-2012-4188 CVE-2012-4191 CVE-2012-4192
                    CVE-2012-4193
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
                    openSUSE 11.4
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:


   The Mozilla suite received following security updates
   (bnc#783533):

   Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey
   was updated to 2.13.1. Mozilla Thunderbird was updated to
   16.0.1. Mozilla XULRunner was updated to 16.0.1.

   * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous
   memory safety hazards
   * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952,
   bmo#720619) defaultValue security checks not applied
   * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous
   memory safety hazards
   * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element
   persistance allows for attacks
   * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued
   access to initial origin after setting document.domain
   * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some
   DOMWindowUtils methods bypass security checks
   * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash
   with full screen and history navigation
   * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with
   invalid cast when using instanceof operator
   * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty
   function can bypass security checks
   * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and
   location property accessible by plugins
   * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101,
   bmo#780370) Chrome Object Wrapper (COW) does not
   disallow acces to privileged functions or properties
   * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and
   script injection through location.hash
   * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
   CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
   Use-after-free, buffer overflow, and out of bounds read
   issues found using Address Sanitizer
   * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
   CVE-2012-4188 Heap memory corruption issues found using
   Address Sanitizer
   * MFSA 2012-87/CVE-2012-3990 (bmo#787704)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2012-709

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2012-709

   - openSUSE 11.4:

      zypper in -t patch openSUSE-2012-709

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.2 (i586 x86_64):

      MozillaFirefox-16.0.1-2.17.1
      MozillaFirefox-branding-upstream-16.0.1-2.17.1
      MozillaFirefox-buildsymbols-16.0.1-2.17.1
      MozillaFirefox-debuginfo-16.0.1-2.17.1
      MozillaFirefox-debugsource-16.0.1-2.17.1
      MozillaFirefox-devel-16.0.1-2.17.1
      MozillaFirefox-translations-common-16.0.1-2.17.1
      MozillaFirefox-translations-other-16.0.1-2.17.1
      MozillaThunderbird-16.0.1-49.15.1
      MozillaThunderbird-buildsymbols-16.0.1-49.15.1
      MozillaThunderbird-debuginfo-16.0.1-49.15.1
      MozillaThunderbird-debugsource-16.0.1-49.15.1
      MozillaThunderbird-devel-16.0.1-49.15.1
      MozillaThunderbird-devel-debuginfo-16.0.1-49.15.1
      MozillaThunderbird-translations-common-16.0.1-49.15.1
      MozillaThunderbird-translations-other-16.0.1-49.15.1
      enigmail-1.4.5.+16.0.1-49.15.1
      enigmail-debuginfo-1.4.5.+16.0.1-49.15.1
      mozilla-js-16.0.1-2.14.1
      mozilla-js-debuginfo-16.0.1-2.14.1
      mozilla-kde4-integration-0.6.4-10.4.1
      mozilla-kde4-integration-debuginfo-0.6.4-10.4.1
      mozilla-kde4-integration-debugsource-0.6.4-10.4.1
      seamonkey-2.13.1-2.18.1
      seamonkey-debuginfo-2.13.1-2.18.1
      seamonkey-debugsource-2.13.1-2.18.1
      seamonkey-dom-inspector-2.13.1-2.18.1
      seamonkey-irc-2.13.1-2.18.1
      seamonkey-translations-common-2.13.1-2.18.1
      seamonkey-translations-other-2.13.1-2.18.1
      seamonkey-venkman-2.13.1-2.18.1
      xulrunner-16.0.1-2.14.1
      xulrunner-buildsymbols-16.0.1-2.14.1
      xulrunner-debuginfo-16.0.1-2.14.1
      xulrunner-debugsource-16.0.1-2.14.1
      xulrunner-devel-16.0.1-2.14.1
      xulrunner-devel-debuginfo-16.0.1-2.14.1

   - openSUSE 12.2 (x86_64):

      mozilla-js-32bit-16.0.1-2.14.1
      mozilla-js-debuginfo-32bit-16.0.1-2.14.1
      xulrunner-32bit-16.0.1-2.14.1
      xulrunner-debuginfo-32bit-16.0.1-2.14.1

   - openSUSE 12.1 (i586 x86_64):

      MozillaFirefox-16.0.1-2.46.1
      MozillaFirefox-branding-upstream-16.0.1-2.46.1
      MozillaFirefox-buildsymbols-16.0.1-2.46.1
      MozillaFirefox-debuginfo-16.0.1-2.46.1
      MozillaFirefox-debugsource-16.0.1-2.46.1
      MozillaFirefox-devel-16.0.1-2.46.1
      MozillaFirefox-translations-common-16.0.1-2.46.1
      MozillaFirefox-translations-other-16.0.1-2.46.1
      MozillaThunderbird-16.0.1-33.35.1
      MozillaThunderbird-buildsymbols-16.0.1-33.35.1
      MozillaThunderbird-debuginfo-16.0.1-33.35.1
      MozillaThunderbird-debugsource-16.0.1-33.35.1
      MozillaThunderbird-devel-16.0.1-33.35.1
      MozillaThunderbird-devel-debuginfo-16.0.1-33.35.1
      MozillaThunderbird-translations-common-16.0.1-33.35.1
      MozillaThunderbird-translations-other-16.0.1-33.35.1
      enigmail-1.4.5.+16.0.1-33.35.1
      enigmail-debuginfo-1.4.5.+16.0.1-33.35.1
      mozilla-js-16.0.1-2.41.1
      mozilla-js-debuginfo-16.0.1-2.41.1
      mozilla-kde4-integration-0.6.4-6.4.1
      mozilla-kde4-integration-debuginfo-0.6.4-6.4.1
      mozilla-kde4-integration-debugsource-0.6.4-6.4.1
      seamonkey-2.13.1-2.37.1
      seamonkey-debuginfo-2.13.1-2.37.1
      seamonkey-debugsource-2.13.1-2.37.1
      seamonkey-dom-inspector-2.13.1-2.37.1
      seamonkey-irc-2.13.1-2.37.1
      seamonkey-translations-common-2.13.1-2.37.1
      seamonkey-translations-other-2.13.1-2.37.1
      seamonkey-venkman-2.13.1-2.37.1
      xulrunner-16.0.1-2.41.1
      xulrunner-buildsymbols-16.0.1-2.41.1
      xulrunner-debuginfo-16.0.1-2.41.1
      xulrunner-debugsource-16.0.1-2.41.1
      xulrunner-devel-16.0.1-2.41.1
      xulrunner-devel-debuginfo-16.0.1-2.41.1

   - openSUSE 12.1 (x86_64):

      mozilla-js-32bit-16.0.1-2.41.1
      mozilla-js-debuginfo-32bit-16.0.1-2.41.1
      xulrunner-32bit-16.0.1-2.41.1
      xulrunner-debuginfo-32bit-16.0.1-2.41.1

   - openSUSE 12.1 (ia64):

      mozilla-js-debuginfo-x86-16.0.1-2.41.1
      mozilla-js-x86-16.0.1-2.41.1
      xulrunner-debuginfo-x86-16.0.1-2.41.1
      xulrunner-x86-16.0.1-2.41.1

   - openSUSE 11.4 (i586 x86_64):

      MozillaFirefox-16.0.1-41.1
      MozillaFirefox-branding-upstream-16.0.1-41.1
      MozillaFirefox-buildsymbols-16.0.1-41.1
      MozillaFirefox-debuginfo-16.0.1-41.1
      MozillaFirefox-debugsource-16.0.1-41.1
      MozillaFirefox-devel-16.0.1-41.1
      MozillaFirefox-translations-common-16.0.1-41.1
      MozillaFirefox-translations-other-16.0.1-41.1
      MozillaThunderbird-16.0.1-33.1
      MozillaThunderbird-buildsymbols-16.0.1-33.1
      MozillaThunderbird-debuginfo-16.0.1-33.1
      MozillaThunderbird-debugsource-16.0.1-33.1
      MozillaThunderbird-devel-16.0.1-33.1
      MozillaThunderbird-devel-debuginfo-16.0.1-33.1
      MozillaThunderbird-translations-common-16.0.1-33.1
      MozillaThunderbird-translations-other-16.0.1-33.1
      enigmail-1.4.5.+16.0.1-33.1
      enigmail-debuginfo-1.4.5.+16.0.1-33.1
      mozilla-kde4-integration-0.6.4-6.1
      mozilla-kde4-integration-debuginfo-0.6.4-6.1
      mozilla-kde4-integration-debugsource-0.6.4-6.1
      seamonkey-2.13.1-37.1
      seamonkey-debuginfo-2.13.1-37.1
      seamonkey-debugsource-2.13.1-37.1
      seamonkey-dom-inspector-2.13.1-37.1
      seamonkey-irc-2.13.1-37.1
      seamonkey-translations-common-2.13.1-37.1
      seamonkey-translations-other-2.13.1-37.1
      seamonkey-venkman-2.13.1-37.1


References:

   http://support.novell.com/security/cve/CVE-2012-3982.html
   http://support.novell.com/security/cve/CVE-2012-3983.html
   http://support.novell.com/security/cve/CVE-2012-3984.html
   http://support.novell.com/security/cve/CVE-2012-3985.html
   http://support.novell.com/security/cve/CVE-2012-3986.html
   http://support.novell.com/security/cve/CVE-2012-3988.html
   http://support.novell.com/security/cve/CVE-2012-3989.html
   http://support.novell.com/security/cve/CVE-2012-3990.html
   http://support.novell.com/security/cve/CVE-2012-3991.html
   http://support.novell.com/security/cve/CVE-2012-3992.html
   http://support.novell.com/security/cve/CVE-2012-3993.html
   http://support.novell.com/security/cve/CVE-2012-3994.html
   http://support.novell.com/security/cve/CVE-2012-3995.html
   http://support.novell.com/security/cve/CVE-2012-4179.html
   http://support.novell.com/security/cve/CVE-2012-4180.html
   http://support.novell.com/security/cve/CVE-2012-4182.html
   http://support.novell.com/security/cve/CVE-2012-4183.html
   http://support.novell.com/security/cve/CVE-2012-4184.html
   http://support.novell.com/security/cve/CVE-2012-4185.html
   http://support.novell.com/security/cve/CVE-2012-4186.html
   http://support.novell.com/security/cve/CVE-2012-4187.html
   http://support.novell.com/security/cve/CVE-2012-4188.html
   http://support.novell.com/security/cve/CVE-2012-4191.html
   http://support.novell.com/security/cve/CVE-2012-4192.html
   http://support.novell.com/security/cve/CVE-2012-4193.html
   https://bugzilla.novell.com/783533

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung