Security update for Mozilla Firefox
SUSE Security Update: Security update for Mozilla Firefox
Announcement ID: SUSE-SU-2013:1919-1
Rating: important
References: #854367 #854370
Affected Products:
An update that fixes 13 vulnerabilities is now available. It includes two new package versions.
Description:
MozillaFirefox has been updated to the 24.2.0 ESR security release.
This is a major upgrade from the 17 ESR release branch.
Security issues fixed:
* CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105)
* CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
* CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104)
* CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106)
* CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
* CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108)
* CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110)
* CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111)
* CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113)
* CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114)
* CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115)
* CVE-2013-6672 Linux clipboard information disclosure through selection paste (MFSA 2013-112)
* CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109)
Security Issue references:
* CVE-2013-5609
* CVE-2013-5610
* CVE-2013-5611
* CVE-2013-5612
* CVE-2013-5613
* CVE-2013-5614
* CVE-2013-5615
* CVE-2013-5616
* CVE-2013-5618
* CVE-2013-5619
* CVE-2013-6671
* CVE-2013-6672
* CVE-2013-6673
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-firefox24-201312-8657
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-firefox24-201312-8657
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-firefox24-201312-8657
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-firefox24-201312-8657
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]:
- MozillaFirefox-devel-24.2.0esr-0.7.1
- mozilla-nss-devel-3.15.3.1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]:
- MozillaFirefox-24.2.0esr-0.7.1
- MozillaFirefox-translations-24.2.0esr-0.7.1
- libfreebl3-3.15.3.1-0.7.1
- libsoftokn3-3.15.3.1-0.7.1
- mozilla-nss-3.15.3.1-0.7.1
- mozilla-nss-tools-3.15.3.1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.3.1]:
- libfreebl3-32bit-3.15.3.1-0.7.1
- libsoftokn3-32bit-3.15.3.1-0.7.1
- mozilla-nss-32bit-3.15.3.1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.2.0esr and 3.15.3.1]:
- MozillaFirefox-24.2.0esr-0.7.1
- MozillaFirefox-branding-SLED-24-0.7.4
- MozillaFirefox-translations-24.2.0esr-0.7.1
- libfreebl3-3.15.3.1-0.7.1
- libsoftokn3-3.15.3.1-0.7.1
- mozilla-nss-3.15.3.1-0.7.1
- mozilla-nss-tools-3.15.3.1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.3.1]:
- libfreebl3-32bit-3.15.3.1-0.7.1
- libsoftokn3-32bit-3.15.3.1-0.7.1
- mozilla-nss-32bit-3.15.3.1-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3.1]:
- libfreebl3-x86-3.15.3.1-0.7.1
- libsoftokn3-x86-3.15.3.1-0.7.1
- mozilla-nss-x86-3.15.3.1-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]:
- MozillaFirefox-24.2.0esr-0.7.1
- MozillaFirefox-branding-SLED-24-0.7.4
- MozillaFirefox-translations-24.2.0esr-0.7.1
- libfreebl3-3.15.3.1-0.7.1
- libsoftokn3-3.15.3.1-0.7.1
- mozilla-nss-3.15.3.1-0.7.1
- mozilla-nss-tools-3.15.3.1-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3.1]:
- libfreebl3-32bit-3.15.3.1-0.7.1
- libsoftokn3-32bit-3.15.3.1-0.7.1
- mozilla-nss-32bit-3.15.3.1-0.7.1
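To confirm that a host actually carries the fixed builds after patching, the installed package versions can be compared against the package list above. The script below is an added example, not part of the SUSE advisory; the function names, the SAMPLE inventory and the older version strings in it are constructed for illustration, and GNU `sort -V` is used as an approximation of rpm's own version ordering.

```shell
#!/bin/bash
# Fixed builds, copied from this advisory's package list (name=version-release).
FIXED="MozillaFirefox=24.2.0esr-0.7.1
MozillaFirefox-translations=24.2.0esr-0.7.1
libfreebl3=3.15.3.1-0.7.1
libsoftokn3=3.15.3.1-0.7.1
mozilla-nss=3.15.3.1-0.7.1
mozilla-nss-tools=3.15.3.1-0.7.1"

# Constructed sample inventory ("name version-release"); the older versions
# here are illustrative and not taken from the advisory.
SAMPLE="MozillaFirefox 17.0.10esr-0.3.1
mozilla-nss 3.15.3.1-0.7.1
libfreebl3 3.14.3-0.4.3.1
bash 3.2-147.17.30"

# at_least INSTALLED FIXED: succeeds when INSTALLED sorts at or after FIXED.
# Assumption: `sort -V` ordering stands in for rpm's version comparison.
at_least() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# audit: reads "name version-release" lines on stdin and reports every
# package from FIXED that is older than the fixed build. Returns 1 if any.
audit() {
    local rc=0 name ver want
    while read -r name ver; do
        # Exact-match lookup of the fixed build for this package name.
        want=$(printf '%s\n' "$FIXED" | awk -F= -v n="$name" '$1 == n { print $2 }')
        [ -n "$want" ] || continue      # package not covered by this advisory
        if ! at_least "$ver" "$want"; then
            echo "VULNERABLE $name $ver (needs $want)"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed inventory. On a real host, feed it from rpm:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit
printf '%s\n' "$SAMPLE" | audit || true
```

Packages outside the advisory's list are ignored, so the full `rpm -qa` output can be piped in unfiltered.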
References:
- http://support.novell.com/security/cve/CVE-2013-5609.html
- http://support.novell.com/security/cve/CVE-2013-5610.html
- http://support.novell.com/security/cve/CVE-2013-5611.html
- http://support.novell.com/security/cve/CVE-2013-5612.html
- http://support.novell.com/security/cve/CVE-2013-5613.html
- http://support.novell.com/security/cve/CVE-2013-5614.html
- http://support.novell.com/security/cve/CVE-2013-5615.html
- http://support.novell.com/security/cve/CVE-2013-5616.html
- http://support.novell.com/security/cve/CVE-2013-5618.html
- http://support.novell.com/security/cve/CVE-2013-5619.html
- http://support.novell.com/security/cve/CVE-2013-6671.html
- http://support.novell.com/security/cve/CVE-2013-6672.html
- http://support.novell.com/security/cve/CVE-2013-6673.html
- https://bugzilla.novell.com/854367
- https://bugzilla.novell.com/854370
- http://download.suse.com/patch/finder/?keywords=b65ba217110f17441675bc6fc74570d4