Security update for Mozilla Firefox
SUSE Security Update: Security update for Mozilla Firefox
Announcement ID: SUSE-SU-2013:1497-1
Rating: important
References: #840485
Affected Products:
An update that fixes 10 vulnerabilities is now available. It includes one version update.
Description:
This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
    - use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
    - Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
    - buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
    - compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
    - MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
    - ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
    - Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
    - Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
    - ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)
Security Issue references:
* CVE-2013-1737
* CVE-2013-1735
* CVE-2013-1736
* CVE-2013-1732
* CVE-2013-1730
* CVE-2013-1726
* CVE-2013-1725
* CVE-2013-1722
* CVE-2013-1718
* CVE-2013-1705
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-MozillaFirefox-8344
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-MozillaFirefox-8344
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-MozillaFirefox-8344
- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-MozillaFirefox-8346
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-MozillaFirefox-8346
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-MozillaFirefox-8344
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-MozillaFirefox-8346
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    - MozillaFirefox-devel-17.0.9esr-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 17.0.9esr]:
    - MozillaFirefox-17.0.9esr-0.7.1
    - MozillaFirefox-translations-17.0.9esr-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.9esr]:
    - MozillaFirefox-17.0.9esr-0.7.1
    - MozillaFirefox-translations-17.0.9esr-0.7.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.9esr]:
    - MozillaFirefox-17.0.9esr-0.3.1
    - MozillaFirefox-translations-17.0.9esr-0.3.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.9esr]:
    - MozillaFirefox-17.0.9esr-0.3.1
    - MozillaFirefox-translations-17.0.9esr-0.3.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 17.0.9esr]:
    - MozillaFirefox-17.0.9esr-0.7.1
    - MozillaFirefox-translations-17.0.9esr-0.7.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.9esr]:
    - MozillaFirefox-17.0.9esr-0.3.1
    - MozillaFirefox-translations-17.0.9esr-0.3.1
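To confirm that a host carries the fixed build after patching, the installed MozillaFirefox version-release can be compared with the Package List above. The script below is an added example, not part of the SUSE advisory: the function names are hypothetical, the service pack is passed in by the caller, and `sort -V` stands in for RPM's own version comparison (an approximation that holds for these version strings).

```shell
#!/bin/sh
# Added example: post-patch verification for SUSE-SU-2013:1497-1.

# Fixed MozillaFirefox version-release per service pack (from the Package List).
fixed_build_for() {            # $1 = sp2 | sp3
  case "$1" in
    sp3) echo "17.0.9esr-0.7.1" ;;
    sp2) echo "17.0.9esr-0.3.1" ;;
    *)   return 2 ;;
  esac
}

# True when version-release $1 is at or above $2.
# Assumption: `sort -V` ordering is used in place of RPM's comparison.
evr_ge() {
  [ "$1" = "$2" ] && return 0
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Prints patched | needs-update | not-installed | unknown-sp.
# $1 = service pack, $2 = installed version-release (empty if absent).
firefox_status() {
  fs_fixed=$(fixed_build_for "$1") || { echo "unknown-sp"; return 2; }
  [ -n "$2" ] || { echo "not-installed"; return 0; }
  if evr_ge "$2" "$fs_fixed"; then
    echo "patched"
  else
    echo "needs-update"; return 1
  fi
}

# Reads the installed build from the RPM database; prints nothing when
# the package is absent (rpm -q exits non-zero in that case).
installed_firefox_build() {
  if ifb_out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' MozillaFirefox 2>/dev/null); then
    echo "$ifb_out"
  fi
}

# On a SLES/SLED 11 SP3 host:
#   firefox_status sp3 "$(installed_firefox_build)"
```

A `needs-update` result on a host where the patch was reported as installed usually means a package lock or a stale repository kept the old build in place.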
References:
- http://support.novell.com/security/cve/CVE-2013-1705.html
- http://support.novell.com/security/cve/CVE-2013-1718.html
- http://support.novell.com/security/cve/CVE-2013-1722.html
- http://support.novell.com/security/cve/CVE-2013-1725.html
- http://support.novell.com/security/cve/CVE-2013-1726.html
- http://support.novell.com/security/cve/CVE-2013-1730.html
- http://support.novell.com/security/cve/CVE-2013-1732.html
- http://support.novell.com/security/cve/CVE-2013-1735.html
- http://support.novell.com/security/cve/CVE-2013-1736.html
- http://support.novell.com/security/cve/CVE-2013-1737.html
- https://bugzilla.novell.com/840485
- http://download.suse.com/patch/finder/?keywords=4df7bcc5f235f358ce6dcbd142b37d5a
- http://download.suse.com/patch/finder/?keywords=a1902baf1b0df196651ea0bae84e6001