
[security-announce] SUSE-SU-2014:0418-1: important: Security update for MozillaFirefox


SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0418-1
Rating: important
References: #868603
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that contains security fixes can now be installed. It
includes two new package versions.

 

Description:

Mozilla Firefox was updated to the 24.4.0ESR release, fixing
various security issues and bugs:

 

* MFSA 2014-15: Mozilla developers and community identified and
  fixed several memory safety bugs in the browser engine used in
  Firefox and other Mozilla-based products. Some of these bugs
  showed evidence of memory corruption under certain circumstances,
  and we presume that with enough effort at least some of these
  could be exploited to run arbitrary code.

 

* Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse
  Ruderman, Dan Gohman, and Christoph Diehl reported memory safety
  problems and crashes that affect Firefox ESR 24.3 and Firefox 27.
  (CVE-2014-1493)

 

* Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke
  Wagner, Rob Fletcher, and Makoto Kato reported memory safety
  problems and crashes that affect Firefox 27. (CVE-2014-1494)

 

* MFSA 2014-16 / CVE-2014-1496: Security researcher Ash reported an
  issue where the extracted files for updates to existing files are
  not read only during the update process. This allows for the
  potential replacement or modification of these files during the
  update process if a malicious application is present on the local
  system.

 

* MFSA 2014-17 / CVE-2014-1497: Security researcher Atte Kettunen
  from OUSPG reported an out of bounds read during the decoding of
  WAV format audio files for playback. This could allow web content
  access to heap data as well as causing a crash.

 

* MFSA 2014-18 / CVE-2014-1498: Mozilla developer David Keeler
  reported that the crypto.generateCRMFRequest method did not
  correctly validate the key type of the KeyParams argument when
  generating ec-dual-use requests. This could lead to a crash and a
  denial of service (DOS) attack.

 

* MFSA 2014-19 / CVE-2014-1499: Mozilla developer Ehsan Akhgari
  reported a spoofing attack where the permission prompt for a
  WebRTC session can appear to be from a different site than its
  actual originating site if a timed navigation occurs during the
  prompt generation. This allows an attacker to potentially gain
  access to the webcam or microphone by masquerading as another
  site and gaining user permission through spoofing.

 

* MFSA 2014-20 / CVE-2014-1500: Security researchers Tim Philipp
  Schaefers and Sebastian Neef, the team of Internetwache.org,
  reported a mechanism using JavaScript onbeforeunload events with
  page navigation to prevent users from closing a malicious page's
  tab and causing the browser to become unresponsive. This allows
  for a denial of service (DOS) attack due to resource consumption
  and blocks the ability of users to exit the application.

 

* MFSA 2014-21 / CVE-2014-1501: Security researcher Alex Infuehr
  reported that on Firefox for Android it is possible to open links
  to local files from web content by selecting "Open Link in New
  Tab" from the context menu using the file: protocol. The web
  content would have to know the precise location of a malicious
  local file in order to exploit this issue. This issue does not
  affect Firefox on non-Android systems.

 

* MFSA 2014-22 / CVE-2014-1502: Mozilla developer Jeff Gilbert
  discovered a mechanism where a malicious site with WebGL content
  could inject content from its context to that of another site's
  WebGL context, causing the second site to replace textures and
  similar content. This cannot be used to steal data but could be
  used to render arbitrary content in these limited circumstances.

 

* MFSA 2014-23 / CVE-2014-1504: Security researcher Nicolas
  Golubovic reported that the Content Security Policy (CSP) of
  data: documents was not saved as part of session restore. If an
  attacker convinced a victim to open a document from a data: URL
  injected onto a page, this can lead to a Cross-Site Scripting
  (XSS) attack. The target page may have a strict CSP that protects
  against this XSS attack, but if the attacker induces a browser
  crash with another bug, an XSS attack would occur during session
  restoration, bypassing the CSP on the site.

 

* MFSA 2014-26 / CVE-2014-1508: Security researchers Tyson Smith
  and Jesse Schwartzentruber of the BlackBerry Security Automated
  Analysis Team used the Address Sanitizer tool while fuzzing to
  discover an out-of-bounds read during polygon rendering in
  MathML. This can allow web content to potentially read protected
  memory addresses. In combination with previous techniques used
  for SVG timing attacks, this could allow for text values to be
  read across domains, leading to information disclosure.

 

* MFSA 2014-27 / CVE-2014-1509: Security researcher John Thomson
  discovered a memory corruption in the Cairo graphics library
  during font rendering of a PDF file for display. This memory
  corruption leads to a potentially exploitable crash and to a
  denial of service (DOS). This issue cannot be triggered in a
  default configuration and would require a malicious extension to
  be installed.

 

* MFSA 2014-28 / CVE-2014-1505: Mozilla developer Robert O'Callahan
  reported a mechanism for timing attacks involving SVG filters and
  displacements input to feDisplacementMap. This allows
  displacements to potentially be correlated with values derived
  from content. This is similar to the previously reported
  techniques used for SVG timing attacks and could allow for text
  values to be read across domains, leading to information
  disclosure.

 

* MFSA 2014-29 / CVE-2014-1510 / CVE-2014-1511: Security researcher
  Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported
  that it is possible for untrusted web content to load a
  chrome-privileged page by getting JavaScript-implemented WebIDL
  to call window.open(). A second bug allowed the bypassing of the
  popup-blocker without user interaction. Combined, these two bugs
  allow an attacker to load a JavaScript URL that is executed with
  the full privileges of the browser, which allows arbitrary code
  execution.

 

* MFSA 2014-30 / CVE-2014-1512: Security research firm VUPEN, via
  TippingPoint's Pwn2Own contest, reported that memory pressure
  during Garbage Collection could lead to memory corruption of
  TypeObjects in the JS engine, resulting in an exploitable
  use-after-free condition.

 

* MFSA 2014-31 / CVE-2014-1513: Security researcher Jueri Aedla,
  via TippingPoint's Pwn2Own contest, reported that
  TypedArrayObject does not handle the case where ArrayBuffer
  objects are neutered, setting their length to zero while still in
  use. This leads to out-of-bounds reads and writes into the
  JavaScript heap, allowing for arbitrary code execution.

 

* MFSA 2014-32 / CVE-2014-1514: Security researcher George Hotz,
  via TippingPoint's Pwn2Own contest, discovered an issue where
  values are copied from an array into a second, neutered array.
  This allows for an out-of-bounds write into memory, causing an
  exploitable crash leading to arbitrary code execution.

 

 

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

    zypper in -t patch sdksp3-firefox-201403-9049

- SUSE Linux Enterprise Server 11 SP3 for VMware:

    zypper in -t patch slessp3-firefox-201403-9049

- SUSE Linux Enterprise Server 11 SP3:

    zypper in -t patch slessp3-firefox-201403-9049

- SUSE Linux Enterprise Desktop 11 SP3:

    zypper in -t patch sledsp3-firefox-201403-9049

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.10.4]:

    MozillaFirefox-devel-24.4.0esr-0.8.1
    mozilla-nspr-devel-4.10.4-0.3.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.4.0esr and 4.10.4]:

    MozillaFirefox-24.4.0esr-0.8.1
    MozillaFirefox-translations-24.4.0esr-0.8.1
    mozilla-nspr-4.10.4-0.3.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 4.10.4]:

    mozilla-nspr-32bit-4.10.4-0.3.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.4.0esr and 4.10.4]:

    MozillaFirefox-24.4.0esr-0.8.1
    MozillaFirefox-branding-SLED-24-0.7.23
    MozillaFirefox-translations-24.4.0esr-0.8.1
    mozilla-nspr-4.10.4-0.3.1

- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 4.10.4]:

    mozilla-nspr-32bit-4.10.4-0.3.1

- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 4.10.4]:

    mozilla-nspr-x86-4.10.4-0.3.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.4.0esr and 4.10.4]:

    MozillaFirefox-24.4.0esr-0.8.1
    MozillaFirefox-branding-SLED-24-0.7.23
    MozillaFirefox-translations-24.4.0esr-0.8.1
    mozilla-nspr-4.10.4-0.3.1

- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 4.10.4]:

    mozilla-nspr-32bit-4.10.4-0.3.1
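
A post-install check against the fixed builds in the package list above, as an added example that is not part of the SUSE advisory. The function names `ver_lt` and `unpatched` and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed builds (NAME VERSION-RELEASE) copied from the advisory's package list.
FIXED="MozillaFirefox 24.4.0esr-0.8.1
MozillaFirefox-translations 24.4.0esr-0.8.1
MozillaFirefox-branding-SLED 24-0.7.23
mozilla-nspr 4.10.4-0.3.1
mozilla-nspr-32bit 4.10.4-0.3.1"

# ver_lt A B: succeeds when A orders strictly before B.
# Assumption: GNU `sort -V` stands in for rpm's own version comparison;
# the two agree for the plain dotted versions in this advisory.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched: read "NAME VERSION-RELEASE" lines on stdin and print every
# package listed in FIXED whose installed build is older than the fixed one.
unpatched() {
    while read -r name have; do
        want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$want" ] || continue      # package not covered by this advisory
        if ver_lt "$have" "$want"; then
            printf '%s %s < %s\n' "$name" "$have" "$want"
        fi
    done
}

# Constructed sample inventory (not taken from a real host). The nspr entry
# shows why a plain string compare is wrong: "4.9.5" sorts after "4.10.4"
# lexically but is the older version.
SAMPLE="MozillaFirefox 24.3.0esr-0.8.1
mozilla-nspr 4.9.5-0.3.1
MozillaFirefox-translations 24.4.0esr-0.8.1
bash 3.2-147.9.13"

# On a live host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched
printf '%s\n' "$SAMPLE" | unpatched
```

An empty result means every listed package is at or above the fixed build; any printed line names a package that still needs the patch.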

 

 

References:

https://bugzilla.novell.com/868603
http://download.suse.com/patch/finder/?keywords=459a5273e5dbc348d118a48052078601

 
