openSUSE Security Update: Mozilla: February 2013 update round (Firefox 19)
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0323-1
Rating:             important
References:         #796895 #804248 
Cross-References:   CVE-2013-0765 CVE-2013-0772 CVE-2013-0773
                    CVE-2013-0774 CVE-2013-0775 CVE-2013-0776
                    CVE-2013-0777 CVE-2013-0778 CVE-2013-0779
                    CVE-2013-0780 CVE-2013-0781 CVE-2013-0782
                    CVE-2013-0783
Affected Products:
                    openSUSE 12.2
                    openSUSE 12.1
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.

Description:


   MozillaFirefox was updated to Firefox 19.0 (bnc#804248)
   MozillaThunderbird was updated to Thunderbird 17.0.3
   (bnc#804248) seamonkey was updated to SeaMonkey 2.16
   (bnc#804248) xulrunner was updated to 17.0.3esr
   (bnc#804248) chmsee was updated to version 2.0.

   Changes in MozillaFirefox 19.0:
   * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
   memory safety hazards
   * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
   read in image rendering
   * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
   objects can be wrapped again
   * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
   bypass of COW and SOW security wrappers   * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
   JavaScript Workers   * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
   in nsImageLoadingContent
   * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
   HTTPS connection through malicious proxy
   * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
   CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
   Use-after-free, out of bounds read, and buffer overflow
   issues found using Address Sanitizer
   - removed obsolete patches
   * mozilla-webrtc.patch
   * mozilla-gstreamer-803287.patch
   - added patch to fix session restore window order
   (bmo#712763)

   - update to Firefox 18.0.2
   * blocklist and CTP updates
   * fixes in JS engine

   - update to Firefox 18.0.1
   * blocklist updates
   * backed out bmo#677092 (removed patch)
   * fixed problems involving HTTP proxy transactions

   - Fix WebRTC to build on powerpc

   Changes in MozillaThunderbird:
   - update to Thunderbird 17.0.3 (bnc#804248)
   * MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
   hazards
   * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
   bypass of COW and SOW security wrappers   * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
   JavaScript Workers   * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
   in nsImageLoadingContent
   * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
   HTTPS connection through malicious proxy
   * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
   Use-after-free, out of bounds read, and buffer overflow
   issues found using Address Sanitizer

   - update Enigmail to 1.5.1
   * The release fixes the regressions found in the past few
   weeks

   Changes in seamonkey:
   - update to SeaMonkey 2.16 (bnc#804248)
   * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
   memory safety hazards
   * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
   read in image rendering
   * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
   objects can be wrapped again
   * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
   bypass of COW and SOW security wrappers   * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
   JavaScript Workers   * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
   in nsImageLoadingContent
   * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
   HTTPS connection through malicious proxy
   * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
   CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
   Use-after-free, out of bounds read, and buffer overflow
   issues found using Address Sanitizer
   - removed obsolete patches
   * mozilla-webrtc.patch
   * mozilla-gstreamer-803287.patch

   - update to SeaMonkey 2.15.2
   * Applications could not be removed from the "Application
   details" dialog under Preferences, Helper Applications
   (bmo#826771).
   * View / Message Body As could show menu items out of
   context (bmo#831348)

   - update to SeaMonkey 2.15.1
   * backed out bmo#677092 (removed patch)
   * fixed problems involving HTTP proxy transactions

   - backed out restartless language packs as it broke
   multi-locale setup (bmo#677092, bmo#818468)

   Changes in xulrunner:
   - update to 17.0.3esr (bnc#804248)
   * MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
   hazards
   * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
   bypass of COW and SOW security wrappers   * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
   JavaScript Workers   * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
   in nsImageLoadingContent
   * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
   HTTPS connection through malicious proxy
   * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
   Use-after-free, out of bounds read, and buffer overflow
   issues found using Address Sanitizer


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-141

   - openSUSE 12.1:

      zypper in -t patch openSUSE-2013-141

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 12.2 (i586 x86_64):

      MozillaFirefox-19.0-2.33.1
      MozillaFirefox-branding-upstream-19.0-2.33.1
      MozillaFirefox-buildsymbols-19.0-2.33.1
      MozillaFirefox-debuginfo-19.0-2.33.1
      MozillaFirefox-debugsource-19.0-2.33.1
      MozillaFirefox-devel-19.0-2.33.1
      MozillaFirefox-translations-common-19.0-2.33.1
      MozillaFirefox-translations-other-19.0-2.33.1
      MozillaThunderbird-17.0.3-49.31.1
      MozillaThunderbird-buildsymbols-17.0.3-49.31.1
      MozillaThunderbird-debuginfo-17.0.3-49.31.1
      MozillaThunderbird-debugsource-17.0.3-49.31.1
      MozillaThunderbird-devel-17.0.3-49.31.1
      MozillaThunderbird-devel-debuginfo-17.0.3-49.31.1
      MozillaThunderbird-translations-common-17.0.3-49.31.1
      MozillaThunderbird-translations-other-17.0.3-49.31.1
      chmsee-2.0-2.14.3
      chmsee-debuginfo-2.0-2.14.3
      chmsee-debugsource-2.0-2.14.3
      enigmail-1.5.1+17.0.3-49.31.1
      enigmail-debuginfo-1.5.1+17.0.3-49.31.1
      mozilla-js-17.0.3-2.30.1
      mozilla-js-debuginfo-17.0.3-2.30.1
      seamonkey-2.16-2.34.2
      seamonkey-debuginfo-2.16-2.34.2
      seamonkey-debugsource-2.16-2.34.2
      seamonkey-dom-inspector-2.16-2.34.2
      seamonkey-irc-2.16-2.34.2
      seamonkey-translations-common-2.16-2.34.2
      seamonkey-translations-other-2.16-2.34.2
      seamonkey-venkman-2.16-2.34.2
      xulrunner-17.0.3-2.30.1
      xulrunner-buildsymbols-17.0.3-2.30.1
      xulrunner-debuginfo-17.0.3-2.30.1
      xulrunner-debugsource-17.0.3-2.30.1
      xulrunner-devel-17.0.3-2.30.1
      xulrunner-devel-debuginfo-17.0.3-2.30.1

   - openSUSE 12.2 (x86_64):

      mozilla-js-32bit-17.0.3-2.30.1
      mozilla-js-debuginfo-32bit-17.0.3-2.30.1
      xulrunner-32bit-17.0.3-2.30.1
      xulrunner-debuginfo-32bit-17.0.3-2.30.1

   - openSUSE 12.1 (i586 x86_64):

      MozillaFirefox-19.0-2.62.1
      MozillaFirefox-branding-upstream-19.0-2.62.1
      MozillaFirefox-buildsymbols-19.0-2.62.1
      MozillaFirefox-debuginfo-19.0-2.62.1
      MozillaFirefox-debugsource-19.0-2.62.1
      MozillaFirefox-devel-19.0-2.62.1
      MozillaFirefox-translations-common-19.0-2.62.1
      MozillaFirefox-translations-other-19.0-2.62.1
      MozillaThunderbird-17.0.3-33.51.1
      MozillaThunderbird-buildsymbols-17.0.3-33.51.1
      MozillaThunderbird-debuginfo-17.0.3-33.51.1
      MozillaThunderbird-debugsource-17.0.3-33.51.1
      MozillaThunderbird-devel-17.0.3-33.51.1
      MozillaThunderbird-devel-debuginfo-17.0.3-33.51.1
      MozillaThunderbird-translations-common-17.0.3-33.51.1
      MozillaThunderbird-translations-other-17.0.3-33.51.1
      chmsee-2.0-2.32.3
      chmsee-debuginfo-2.0-2.32.3
      chmsee-debugsource-2.0-2.32.3
      enigmail-1.5.1+17.0.3-33.51.1
      enigmail-debuginfo-1.5.1+17.0.3-33.51.1
      mozilla-js-17.0.3-2.57.1
      mozilla-js-debuginfo-17.0.3-2.57.1
      seamonkey-2.16-2.53.1
      seamonkey-debuginfo-2.16-2.53.1
      seamonkey-debugsource-2.16-2.53.1
      seamonkey-dom-inspector-2.16-2.53.1
      seamonkey-irc-2.16-2.53.1
      seamonkey-translations-common-2.16-2.53.1
      seamonkey-translations-other-2.16-2.53.1
      seamonkey-venkman-2.16-2.53.1
      xulrunner-17.0.3-2.57.1
      xulrunner-buildsymbols-17.0.3-2.57.1
      xulrunner-debuginfo-17.0.3-2.57.1
      xulrunner-debugsource-17.0.3-2.57.1
      xulrunner-devel-17.0.3-2.57.1
      xulrunner-devel-debuginfo-17.0.3-2.57.1

   - openSUSE 12.1 (x86_64):

      mozilla-js-32bit-17.0.3-2.57.1
      mozilla-js-debuginfo-32bit-17.0.3-2.57.1
      xulrunner-32bit-17.0.3-2.57.1
      xulrunner-debuginfo-32bit-17.0.3-2.57.1

   - openSUSE 12.1 (ia64):

      mozilla-js-debuginfo-x86-17.0.3-2.57.1
      mozilla-js-x86-17.0.3-2.57.1
      xulrunner-debuginfo-x86-17.0.3-2.57.1
      xulrunner-x86-17.0.3-2.57.1


References:

   https://www.suse.com/security/cve/CVE-2013-0765.html
   https://www.suse.com/security/cve/CVE-2013-0772.html
   https://www.suse.com/security/cve/CVE-2013-0773.html
   https://www.suse.com/security/cve/CVE-2013-0774.html
   https://www.suse.com/security/cve/CVE-2013-0775.html
   https://www.suse.com/security/cve/CVE-2013-0776.html
   https://www.suse.com/security/cve/CVE-2013-0777.html
   https://www.suse.com/security/cve/CVE-2013-0778.html
   https://www.suse.com/security/cve/CVE-2013-0779.html
   https://www.suse.com/security/cve/CVE-2013-0780.html
   https://www.suse.com/security/cve/CVE-2013-0781.html
   https://www.suse.com/security/cve/CVE-2013-0782.html
   https://www.suse.com/security/cve/CVE-2013-0783.html
   https://bugzilla.novell.com/796895
   https://bugzilla.novell.com/804248

--

openSUSE: 2013:0323-1: important: Mozilla

February 22, 2013
An update that fixes 13 vulnerabilities is now available.

Description

MozillaFirefox was updated to Firefox 19.0 (bnc#804248) MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248) seamonkey was updated to SeaMonkey 2.16 (bnc#804248) xulrunner was updated to 17.0.3esr (bnc#804248) chmsee was updated to version 2.0. Changes in MozillaFirefox 19.0: * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ ...

Read the Full Advisory

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2013-141 - openSUSE 12.1: zypper in -t patch openSUSE-2013-141 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE 12.2 (i586 x86_64): MozillaFirefox-19.0-2.33.1 MozillaFirefox-branding-upstream-19.0-2.33.1 MozillaFirefox-buildsymbols-19.0-2.33.1 MozillaFirefox-debuginfo-19.0-2.33.1 MozillaFirefox-debugsource-19.0-2.33.1 MozillaFirefox-devel-19.0-2.33.1 MozillaFirefox-translations-common-19.0-2.33.1 MozillaFirefox-translations-other-19.0-2.33.1 MozillaThunderbird-17.0.3-49.31.1 MozillaThunderbird-buildsymbols-17.0.3-49.31.1 MozillaThunderbird-debuginfo-17.0.3-49.31.1 MozillaThunderbird-debugsource-17.0.3-49.31.1 MozillaThunderbird-devel-17.0.3-49.31.1 MozillaThunderbird-devel-debuginfo-17.0.3-49.31.1 MozillaThunderbird-translations-common-17.0.3-49.31.1 MozillaThunderbird-translations-other-17.0.3-49.31.1 chmsee-2.0-2.14.3 chmsee-debuginfo-2.0-2.14.3 chmsee-debugsource-2.0-2.14.3 enigmail-1.5.1+17.0.3-49.31.1 enigmail-debuginfo-1.5.1+17.0.3-49.31.1 mozilla-js-17.0.3-2.30.1 mozilla-js-debuginfo-17.0.3-2.30.1 seamonkey-2.16-2.34.2 seamonkey-debuginfo-2.16-2.34.2 seamonkey-debugsource-2.16-2.34.2 seamonkey-dom-inspector-2.16-2.34.2 seamonkey-irc-2.16-2.34.2 seamonkey-translations-common-2.16-2.34.2 seamonkey-translations-other-2.16-2.34.2 seamonkey-venkman-2.16-2.34.2 xulrunner-17.0.3-2.30.1 xulrunner-buildsymbols-17.0.3-2.30.1 xulrunner-debuginfo-17.0.3-2.30.1 xulrunner-debugsource-17.0.3-2.30.1 xulrunner-devel-17.0.3-2.30.1 xulrunner-devel-debuginfo-17.0.3-2.30.1 - openSUSE 12.2 (x86_64): mozilla-js-32bit-17.0.3-2.30.1 mozilla-js-debuginfo-32bit-17.0.3-2.30.1 xulrunner-32bit-17.0.3-2.30.1 xulrunner-debuginfo-32bit-17.0.3-2.30.1 - openSUSE 12.1 (i586 x86_64): MozillaFirefox-19.0-2.62.1 MozillaFirefox-branding-upstream-19.0-2.62.1 MozillaFirefox-buildsymbols-19.0-2.62.1 MozillaFirefox-debuginfo-19.0-2.62.1 MozillaFirefox-debugsource-19.0-2.62.1 MozillaFirefox-devel-19.0-2.62.1 MozillaFirefox-translations-common-19.0-2.62.1 MozillaFirefox-translations-other-19.0-2.62.1 MozillaThunderbird-17.0.3-33.51.1 MozillaThunderbird-buildsymbols-17.0.3-33.51.1 MozillaThunderbird-debuginfo-17.0.3-33.51.1 MozillaThunderbird-debugsource-17.0.3-33.51.1 MozillaThunderbird-devel-17.0.3-33.51.1 MozillaThunderbird-devel-debuginfo-17.0.3-33.51.1 MozillaThunderbird-translations-common-17.0.3-33.51.1 MozillaThunderbird-translations-other-17.0.3-33.51.1 chmsee-2.0-2.32.3 chmsee-debuginfo-2.0-2.32.3 chmsee-debugsource-2.0-2.32.3 enigmail-1.5.1+17.0.3-33.51.1 enigmail-debuginfo-1.5.1+17.0.3-33.51.1 mozilla-js-17.0.3-2.57.1 mozilla-js-debuginfo-17.0.3-2.57.1 seamonkey-2.16-2.53.1 seamonkey-debuginfo-2.16-2.53.1 seamonkey-debugsource-2.16-2.53.1 seamonkey-dom-inspector-2.16-2.53.1 seamonkey-irc-2.16-2.53.1 seamonkey-translations-common-2.16-2.53.1 seamonkey-translations-other-2.16-2.53.1 seamonkey-venkman-2.16-2.53.1 xulrunner-17.0.3-2.57.1 xulrunner-buildsymbols-17.0.3-2.57.1 xulrunner-debuginfo-17.0.3-2.57.1 xulrunner-debugsource-17.0.3-2.57.1 xulrunner-devel-17.0.3-2.57.1 xulrunner-devel-debuginfo-17.0.3-2.57.1 - openSUSE 12.1 (x86_64): mozilla-js-32bit-17.0.3-2.57.1 mozilla-js-debuginfo-32bit-17.0.3-2.57.1 xulrunner-32bit-17.0.3-2.57.1 xulrunner-debuginfo-32bit-17.0.3-2.57.1 - openSUSE 12.1 (ia64): mozilla-js-debuginfo-x86-17.0.3-2.57.1 mozilla-js-x86-17.0.3-2.57.1 xulrunner-debuginfo-x86-17.0.3-2.57.1 xulrunner-x86-17.0.3-2.57.1


References

https://www.suse.com/security/cve/CVE-2013-0765.html https://www.suse.com/security/cve/CVE-2013-0772.html https://www.suse.com/security/cve/CVE-2013-0773.html https://www.suse.com/security/cve/CVE-2013-0774.html https://www.suse.com/security/cve/CVE-2013-0775.html https://www.suse.com/security/cve/CVE-2013-0776.html https://www.suse.com/security/cve/CVE-2013-0777.html https://www.suse.com/security/cve/CVE-2013-0778.html https://www.suse.com/security/cve/CVE-2013-0779.html https://www.suse.com/security/cve/CVE-2013-0780.html https://www.suse.com/security/cve/CVE-2013-0781.html https://www.suse.com/security/cve/CVE-2013-0782.html https://www.suse.com/security/cve/CVE-2013-0783.html https://bugzilla.novell.com/796895 https://bugzilla.novell.com/804248--


Severity
Announcement ID: openSUSE-SU-2013:0323-1
Rating: important
Affected Products: openSUSE 12.2 openSUSE 12.1

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved