[security-announce] SUSE-SU-2013:0049-1: important: Security update for MozillaFirefox

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0049-1
Rating:             important
References:         #796628 #796895
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

An update that contains security fixes can now be installed. It
includes two new package versions.

Description:

Mozilla Firefox was updated to the 10.0.12ESR release.

* MFSA 2013-01: Mozilla developers identified and fixed several memory
  safety bugs in the browser engine used in Firefox and other
  Mozilla-based products. Some of these bugs showed evidence of memory
  corruption under certain circumstances, and we presume that with
  enough effort at least some of these could be exploited to run
  arbitrary code.

    o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki
      Ishikawa reported memory safety problems and crashes that affect
      Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769)
    o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian
      Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported
      memory safety problems and crashes that affect Firefox ESR 17
      and Firefox 17. (CVE-2013-0749)
    o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver
      reported memory safety problems and crashes that affect
      Firefox 17. (CVE-2013-0770)

* MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the
  Google Chrome Security Team discovered a series of critically rated
  use-after-free, out of bounds read, and buffer overflow issues using
  the Address Sanitizer tool in shipped software. These issues are
  potentially exploitable, allowing for remote code execution. We
  would also like to thank Abhishek for reporting three additional
  use-after-free and out of bounds read flaws introduced during
  Firefox development that were fixed before general release.

  The following issue was fixed in Firefox 18:

    o Global-buffer-overflow in
      CharDistributionAnalysis::HandleOneChar (CVE-2013-0760)

  The following issues were fixed in Firefox 18, ESR 17.0.1, and
  ESR 10.0.12:

    o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762)
    o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766)
    o Out of bounds read in nsSVGPathElement::GetPathLengthScale
      (CVE-2013-0767)

  The following issues were fixed in Firefox 18 and ESR 17.0.1:

    o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack
      (CVE-2013-0761)
    o Heap-use-after-free in Mesa, triggerable by resizing a WebGL
      canvas (CVE-2013-0763)
    o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries
      (CVE-2013-0771)

  The following issue was fixed in Firefox 18 and in the earlier
  ESR 10.0.11 release:

    o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829)

* MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer
  tool to discover a buffer overflow in Canvas when specific bad
  height and width values were given through HTML. This could lead to
  a potentially exploitable crash. (CVE-2013-0768)

  Miaubiz also found a potentially exploitable crash when 2D and 3D
  content was mixed which was introduced during Firefox development
  and fixed before general release.

* MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in
  which the displayed URL values within the address bar can be spoofed
  by a page during loading. This allows for phishing attacks where a
  malicious page can spoof the identity of another site.
  (CVE-2013-0759)

* MFSA 2013-05: Using the Address Sanitizer tool, security researcher
  Atte Kettunen from OUSPG discovered that the combination of large
  numbers of columns and column groups in a table could cause the
  array containing the columns during rendering to overwrite itself.
  This can lead to a use-after-free causing a potentially exploitable
  crash. (CVE-2013-0744)

* MFSA 2013-06: Mozilla developer Wesley Johnston reported that when
  there are two or more iframes on the same HTML page, an iframe is
  able to see the touch events and their targets that occur within the
  other iframes on the page. If the iframes are from the same origin,
  they can also access the properties and methods of the targets of
  other iframes but same-origin policy (SOP) restricts access across
  domains. This allows for information leakage and possibilities for
  cross-site scripting (XSS) if another vulnerability can be used to
  get around SOP restrictions. (CVE-2013-0751)

* MFSA 2013-07: Mozilla community member Jerry Baker reported a
  crashing issue found through Thunderbird when downloading messages
  over a Secure Sockets Layer (SSL) connection. This was caused by a
  bug in the networking code assuming that secure connections were
  entirely handled on the socket transport thread when they can occur
  on a variety of threads. The resulting crash was potentially
  exploitable. (CVE-2013-0764)

* MFSA 2013-08: Mozilla developer Olli Pettay discovered that the
  AutoWrapperChanger class fails to keep some JavaScript objects alive
  during garbage collection. This can lead to an exploitable crash
  allowing for arbitrary code execution. (CVE-2013-0745)

* MFSA 2013-09: Mozilla developer Boris Zbarsky reported a problem
  where jsval-returning quickstubs fail to wrap their return values,
  causing a compartment mismatch. This mismatch can cause garbage
  collection to occur incorrectly and lead to a potentially
  exploitable crash. (CVE-2013-0746)

* MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported
  that events in the plugin handler can be manipulated by web content
  to bypass same-origin policy (SOP) restrictions. This can allow for
  clickjacking on malicious web pages. (CVE-2013-0747)

* MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered
  that using the toString function of XBL objects can lead to
  inappropriate information leakage by revealing the address space
  layout instead of just the ID of the object. This layout information
  could potentially be used to bypass ASLR and other security
  protections. (CVE-2013-0748)

* MFSA 2013-12: Security researcher pa_kt reported, via TippingPoint's
  Zero Day Initiative, that an integer overflow is possible when
  calculating the length for a JavaScript string concatenation, which
  is then used for memory allocation. This results in a buffer
  overflow, leading to a potentially exploitable memory corruption.
  (CVE-2013-0750)

* MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that
  when using an XBL file containing multiple XML bindings with SVG
  content, a memory corruption can occur. In concert with remote XUL,
  this can lead to an exploitable crash. (CVE-2013-0752)

* MFSA 2013-14: Security researcher Mariusz Mlynski reported that it
  is possible to change the prototype of an object and bypass Chrome
  Object Wrappers (COW) to gain access to chrome privileged functions.
  This could allow for arbitrary code execution. (CVE-2013-0757)

* MFSA 2013-15: Security researcher Mariusz Mlynski reported that it
  is possible to open a chrome privileged web page through plugin
  objects through interaction with SVG elements. This could allow for
  arbitrary code execution. (CVE-2013-0758)

* MFSA 2013-16: Security researcher regenrecht reported, via
  TippingPoint's Zero Day Initiative, a use-after-free in
  XMLSerializer by the exposing of serializeToStream to web content.
  This can lead to arbitrary code execution when exploited.
  (CVE-2013-0753)

* MFSA 2013-17: Security researcher regenrecht reported, via
  TippingPoint's Zero Day Initiative, a use-after-free within the
  ListenerManager when garbage collection is forced after data in
  listener objects have been allocated in some circumstances. This
  results in a use-after-free which can lead to arbitrary code
  execution. (CVE-2013-0754)

* MFSA 2013-18: Security researcher regenrecht reported, via
  TippingPoint's Zero Day Initiative, a use-after-free using the
  domDoc pointer within Vibrate library. This can lead to arbitrary
  code execution when exploited. (CVE-2013-0755)

* MFSA 2013-19: Security researcher regenrecht reported, via
  TippingPoint's Zero Day Initiative, a garbage collection flaw in
  JavaScript Proxy objects. This can lead to a use-after-free leading
  to arbitrary code execution. (CVE-2013-0756)

* MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a
  certificate authority in Mozilla's root program, had mis-issued two
  intermediate certificates to customers. The issue was not specific
  to Firefox but there was evidence that one of the certificates was
  used for man-in-the-middle (MITM) traffic management of domain names
  that the customer did not legitimately own or control. This issue
  was resolved by revoking the trust for these specific mis-issued
  certificates. (CVE-2013-0743)

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14.1 and 4.9.4]:

    mozilla-nspr-4.9.4-0.6.1
    mozilla-nspr-devel-4.9.4-0.6.1
    mozilla-nss-3.14.1-0.6.1
    mozilla-nss-devel-3.14.1-0.6.1
    mozilla-nss-tools-3.14.1-0.6.1

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x):

    MozillaFirefox-10.0.12-0.6.1
    MozillaFirefox-translations-10.0.12-0.6.1

- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.14.1 and 4.9.4]:

    mozilla-nspr-32bit-4.9.4-0.6.1
    mozilla-nss-32bit-3.14.1-0.6.1

- SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.14.1 and 4.9.4]:

    mozilla-nspr-x86-4.9.4-0.6.1
    mozilla-nss-x86-3.14.1-0.6.1

- SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.14.1 and 4.9.4]:

    mozilla-nspr-64bit-4.9.4-0.6.1
    mozilla-nss-64bit-3.14.1-0.6.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.14.1 and 4.9.4]:

    mozilla-nspr-4.9.4-0.6.1
    mozilla-nspr-devel-4.9.4-0.6.1
    mozilla-nss-3.14.1-0.6.1
    mozilla-nss-devel-3.14.1-0.6.1
    mozilla-nss-tools-3.14.1-0.6.1

- SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.14.1 and 4.9.4]:

    mozilla-nspr-32bit-4.9.4-0.6.1
    mozilla-nss-32bit-3.14.1-0.6.1

- SUSE Linux Enterprise Desktop 10 SP4 (i586):

    MozillaFirefox-10.0.12-0.6.1
    MozillaFirefox-translations-10.0.12-0.6.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14.1]:

    mozilla-nss-tools-3.14.1-0.6.1

- SLE SDK 10 SP4 (i586 ia64 ppc s390x):

    MozillaFirefox-branding-upstream-10.0.12-0.6.1

References:

    https://bugzilla.novell.com/796628
    https://bugzilla.novell.com/796895
    http://download.novell.com/patch/finder/?keywords=dbe0a7820fa20c51a9e400f8a2814641

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org
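
Added example, not part of the SUSE advisory: a small audit that compares an RPM inventory against the fixed versions in the package list above and reports packages still below them. It assumes the inventory was collected with `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the sample inventory is constructed, and the comparison is a simplified form of RPM's version ordering (no epochs or tildes).

```python
import re

# Fixed version-release per package name, taken from the advisory's package list.
FIXED = {}
for name in ("MozillaFirefox", "MozillaFirefox-translations",
             "MozillaFirefox-branding-upstream"):
    FIXED[name] = "10.0.12-0.6.1"
for suffix in ("", "-devel", "-32bit", "-x86", "-64bit"):
    FIXED["mozilla-nspr" + suffix] = "4.9.4-0.6.1"
for suffix in ("", "-devel", "-tools", "-32bit", "-x86", "-64bit"):
    FIXED["mozilla-nss" + suffix] = "3.14.1-0.6.1"

def vercmp(a, b):
    """Simplified rpm-style comparison of one version string: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric, so 10 sorts after 6
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(inventory):
    """Return (name, installed, fixed) for packages older than the fix."""
    findings = []
    for line in inventory.strip().splitlines():
        name, evr = line.split()
        fixed = FIXED.get(name)
        if fixed and evr_cmp(evr, fixed) < 0:
            findings.append((name, evr, fixed))
    return findings

# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY = """
MozillaFirefox 10.0.11-0.5.1
mozilla-nss 3.14.1-0.6.1
mozilla-nspr 4.9.2-0.6.1
mozilla-nss-tools 3.14.1-0.10.1
bash 3.1-24.32.1
"""

if __name__ == "__main__":
    for name, installed, fixed in audit(SAMPLE_INVENTORY):
        print("%s: installed %s, fixed in %s" % (name, installed, fixed))
```

The `mozilla-nss-tools` row shows why segments are compared numerically: release `0.10.1` is newer than `0.6.1`, which a plain string comparison would get wrong.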
