SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1592-1
Rating:             important
References:         #790140 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes two new package versions.

Description:


   Mozilla Firefox has been updated to the 10.0.11 ESR
   security release, which  fixes various bugs and security
   issues.

   *

   MFSA 2012-106: Security researcher miaubiz used the
   Address Sanitizer tool to discover a series critically
   rated of use-after-free, buffer overflow, and memory
   corruption issues in shipped software. These issues are
   potentially exploitable, allowing for remote code
   execution. We would also like to thank miaubiz for
   reporting two additional use-after-free and memory
   corruption issues introduced during Firefox development
   that have been fixed before general release.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.
   References

   The following issues have been fixed in Firefox 17
   and ESR 10.0.11:

   o use-after-free when loading html file on osx
   (CVE-2012-5830) o Mesa crashes on certain texImage2D calls
   involving level>0 (CVE-2012-5833) o integer overflow,
   invalid write w/webgl bufferdata (CVE-2012-5835)

   The following issues have been fixed in Firefox 17:

   o crash in copyTexImage2D with image dimensions
   too large for given level (CVE-2012-5838)
   *

   MFSA 2012-105: Security researcher Abhishek Arya
   (Inferno) of the Google Chrome Security Team discovered a
   series critically rated of use-after-free and buffer
   overflow issues using the Address Sanitizer tool in shipped
   software. These issues are potentially exploitable,
   allowing for remote code execution. We would also like to
   thank Abhishek for reporting five additional
   use-after-free, out of bounds read, and buffer overflow
   flaws introduced during Firefox development that have been
   fixed before general release.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.
   References

   The following issues have been fixed in Firefox 17
   and ESR 10.0.11:

   o Heap-use-after-free in
   nsTextEditorState::PrepareEditor (CVE-2012-4214) o
   Heap-use-after-free in
   nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o
   Heap-use-after-free in gfxFont::GetFontEntry
   (CVE-2012-4216) o Heap-buffer-overflow in
   nsWindow::OnExposeEvent (CVE-2012-5829) o
   heap-buffer-overflow in
   gfxShapedWord::CompressedGlyph::IsClusterStart o
   CVE-2012-5839 o Heap-use-after-free in
   nsTextEditorState::PrepareEditor (CVE-2012-5840)

   The following issues have been fixed in Firefox 17:

   o Heap-use-after-free in XPCWrappedNative::Mark
   (CVE-2012-4212) o Heap-use-after-free in
   nsEditor::FindNextLeafNode (CVE-2012-4213) o
   Heap-use-after-free in nsViewManager::ProcessPendingUpdates
   (CVE-2012-4217) o Heap-use-after-free
   BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218)
   *

   MFSA 2012-104 / CVE-2012-4210: Security researcher
   Mariusz Mlynski reported that when a maliciously crafted
   stylesheet is inspected in the Style Inspector, HTML and
   CSS can run in a chrome privileged context without being
   properly sanitized first. This can lead to arbitrary code
   execution.

   *

   MFSA 2012-103 / CVE-2012-4209: Security researcher
   Mariusz Mlynski reported that the location property can be
   accessed by binary plugins through top.location with a
   frame whose name attribute's value is set to "top". This
   can allow for possible cross-site scripting (XSS) attacks
   through plugins.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.

   *

   MFSA 2012-102 / CVE-2012-5837: Security researcher
   Masato Kinugawa reported that when script is entered into
   the Developer Toolbar, it runs in a chrome privileged
   context. This allows for arbitrary code execution or
   cross-site scripting (XSS) if a user can be convinced to
   paste malicious code into the Developer Toolbar.

   *

   MFSA 2012-101 / CVE-2012-4207: Security researcher
   Masato Kinugawa found when HZ-GB-2312 charset encoding is
   used for text, the "~" character will destroy another
   character near the chunk delimiter. This can lead to a
   cross-site scripting (XSS) attack in pages encoded in
   HZ-GB-2312.

   *

   MFSA 2012-100 / CVE-2012-5841: Mozilla developer
   Bobby Holley reported that security wrappers filter at the
   time of property access, but once a function is returned,
   the caller can use this function without further security
   checks. This affects cross-origin wrappers, allowing for
   write actions on objects when only read actions should be
   properly allowed. This can lead to cross-site scripting
   (XSS) attacks.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.

   *

   MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter
   Van der Beken discovered that same-origin XrayWrappers   expose chrome-only properties even when not in a chrome
   compartment. This can allow web content to get properties
   of DOM objects that are intended to be chrome-only.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.

   *

   MFSA 2012-98 / CVE-2012-4206: Security researcher
   Robert Kugler reported that when a specifically named DLL
   file on a Windows computer is placed in the default
   downloads directory with the Firefox installer, the Firefox
   installer will load this DLL when it is launched. In
   circumstances where the installer is run by an
   administrator privileged account, this allows for the
   downloaded DLL file to be run with administrator
   privileges. This can lead to arbitrary code execution from
   a privileged account.

   *

   MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor
   Krizsanits discovered that XMLHttpRequest objects created
   within sandboxes have the system principal instead of the
   sandbox principal. This can lead to cross-site request
   forgery (CSRF) or information theft via an add-on running
   untrusted code in a sandbox.

   *

   MFSA 2012-96 / CVE-2012-4204: Security researcher
   Scott Bell of Security-Assessment.com used the Address
   Sanitizer tool to discover a memory corruption in
   str_unescape in the Javascript engine. This could
   potentially lead to arbitrary code execution.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.

   *

   MFSA 2012-95 / CVE-2012-4203: Security researcher
   kakzz.ng@gmail.com reported that if a javascript: URL is
   selected from the list of Firefox "new tab" page, the
   script will inherit the privileges of the privileged "new
   tab" page. This allows for the execution of locally
   installed programs if a user can be convinced to save a
   bookmark of a malicious javascript: URL.

   *

   MFSA 2012-94 / CVE-2012-5836: Security researcher
   Jonathan Stephens discovered that combining SVG text on a
   path with the setting of CSS properties could lead to a
   potentially exploitable crash.

   *

   MFSA 2012-93 / CVE-2012-4201: Mozilla security
   researcher moz_bug_r_a4 reported that if code executed by
   the evalInSandbox function sets location.href, it can get
   the wrong subject principal for the URL check, ignoring the
   sandbox's Javascript context and gaining the context of
   evalInSandbox object. This can lead to malicious web
   content being able to perform a cross-site scripting (XSS)
   attack or stealing a copy of a local file if the user has
   installed an add-on vulnerable to this attack.

   *

   MFSA 2012-92 / CVE-2012-4202: Security researcher
   Atte Kettunen from OUSPG used the Address Sanitizer tool to
   discover a buffer overflow while rendering GIF format
   images. This issue is potentially exploitable and could
   lead to arbitrary code execution.

   *

   MFSA 2012-91: Mozilla developers identified and fixed
   several memory safety bugs in the browser engine used in
   Firefox and other Mozilla-based products. Some of these
   bugs showed evidence of memory corruption under certain
   circumstances, and we presume that with enough effort at
   least some of these could be exploited to run arbitrary
   code.

   In general these flaws cannot be exploited through
   email in the Thunderbird and SeaMonkey products because
   scripting is disabled, but are potentially a risk in
   browser or browser-like contexts in those products.
   References

   Gary Kwong, Jesse Ruderman, Christian Holler, Bob
   Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky,
   Julian Seward, and Bill McCloskey reported memory safety
   problems and crashes that affect Firefox 16. (CVE-2012-5843)

   Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle
   Huey reported memory safety problems and crashes that
   affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-firefox-20121121-7093

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-firefox-20121121-7093

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-firefox-20121121-7093

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-firefox-20121121-7093

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.14]:

      mozilla-nss-devel-3.14-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 10.0.11 and 3.14]:

      MozillaFirefox-10.0.11-0.3.1
      MozillaFirefox-translations-10.0.11-0.3.1
      libfreebl3-3.14-0.3.1
      mozilla-nss-3.14-0.3.1
      mozilla-nss-tools-3.14-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.14]:

      libfreebl3-32bit-3.14-0.3.1
      mozilla-nss-32bit-3.14-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.11 and 3.14]:

      MozillaFirefox-10.0.11-0.3.1
      MozillaFirefox-translations-10.0.11-0.3.1
      libfreebl3-3.14-0.3.1
      mozilla-nss-3.14-0.3.1
      mozilla-nss-tools-3.14-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.14]:

      libfreebl3-32bit-3.14-0.3.1
      mozilla-nss-32bit-3.14-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.14]:

      libfreebl3-x86-3.14-0.3.1
      mozilla-nss-x86-3.14-0.3.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14]:

      mozilla-nss-3.14-0.6.1
      mozilla-nss-devel-3.14-0.6.1
      mozilla-nss-tools-3.14-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x):

      MozillaFirefox-10.0.11-0.5.1
      MozillaFirefox-translations-10.0.11-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.14]:

      mozilla-nss-32bit-3.14-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.14]:

      mozilla-nss-x86-3.14-0.6.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.14]:

      mozilla-nss-64bit-3.14-0.6.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.11 and 3.14]:

      MozillaFirefox-10.0.11-0.3.1
      MozillaFirefox-translations-10.0.11-0.3.1
      libfreebl3-3.14-0.3.1
      mozilla-nss-3.14-0.3.1
      mozilla-nss-tools-3.14-0.3.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.14]:

      libfreebl3-32bit-3.14-0.3.1
      mozilla-nss-32bit-3.14-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.14]:

      mozilla-nss-3.14-0.6.1
      mozilla-nss-devel-3.14-0.6.1
      mozilla-nss-tools-3.14-0.6.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.14]:

      mozilla-nss-32bit-3.14-0.6.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586):

      MozillaFirefox-10.0.11-0.5.1
      MozillaFirefox-translations-10.0.11-0.5.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14]:

      mozilla-nss-tools-3.14-0.6.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x):

      MozillaFirefox-branding-upstream-10.0.11-0.5.1


References:

   https://bugzilla.novell.com/790140
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:1592-1: important: Mozilla Firefox

November 29, 2012
An update that contains security fixes can now be An update that contains security fixes can now be An update that contains security fixes can now be installed

Summary

Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution. * MFSA 2012-103 / CVE-2012-4209: Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to "top". This can allow for possible cross-site scripting (XSS) attacks through plugins. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-102 / CVE-2012-5837: Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting (XSS) if a user can be convinced to paste malicious code into the Developer Toolbar. * MFSA 2012-101 / CVE-2012-4207: Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the "~" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312. * MFSA 2012-100 / CVE-2012-5841: Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-99 / CVE-2012-4208: Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-98 / CVE-2012-4206: Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. * MFSA 2012-97 / CVE-2012-4205: Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. * MFSA 2012-96 / CVE-2012-4204: Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. * MFSA 2012-95 / CVE-2012-4203: Security researcher kakzz.ng@gmail.com reported that if a javascript: URL is selected from the list of Firefox "new tab" page, the script will inherit the privileges of the privileged "new tab" page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. * MFSA 2012-94 / CVE-2012-5836: Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash. * MFSA 2012-93 / CVE-2012-4201: Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. * MFSA 2012-92 / CVE-2012-4202: Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. * MFSA 2012-91: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey reported memory safety problems and crashes that affect Firefox 16. (CVE-2012-5843) Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey reported memory safety problems and crashes that affect Firefox ESR 10 and Firefox 16. (CVE-2012-5842) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-firefox-20121121-7093 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-firefox-20121121-7093 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-firefox-20121121-7093 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-firefox-20121121-7093 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.14]: mozilla-nss-devel-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 10.0.11 and 3.14]: MozillaFirefox-10.0.11-0.3.1 MozillaFirefox-translations-10.0.11-0.3.1 libfreebl3-3.14-0.3.1 mozilla-nss-3.14-0.3.1 mozilla-nss-tools-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.14]: libfreebl3-32bit-3.14-0.3.1 mozilla-nss-32bit-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.11 and 3.14]: MozillaFirefox-10.0.11-0.3.1 MozillaFirefox-translations-10.0.11-0.3.1 libfreebl3-3.14-0.3.1 mozilla-nss-3.14-0.3.1 mozilla-nss-tools-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.14]: libfreebl3-32bit-3.14-0.3.1 mozilla-nss-32bit-3.14-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.14]: libfreebl3-x86-3.14-0.3.1 mozilla-nss-x86-3.14-0.3.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14]: mozilla-nss-3.14-0.6.1 mozilla-nss-devel-3.14-0.6.1 mozilla-nss-tools-3.14-0.6.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-10.0.11-0.5.1 MozillaFirefox-translations-10.0.11-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.14]: mozilla-nss-32bit-3.14-0.6.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.14]: mozilla-nss-x86-3.14-0.6.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.14]: mozilla-nss-64bit-3.14-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.11 and 3.14]: MozillaFirefox-10.0.11-0.3.1 MozillaFirefox-translations-10.0.11-0.3.1 libfreebl3-3.14-0.3.1 mozilla-nss-3.14-0.3.1 mozilla-nss-tools-3.14-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.14]: libfreebl3-32bit-3.14-0.3.1 mozilla-nss-32bit-3.14-0.3.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.14]: mozilla-nss-3.14-0.6.1 mozilla-nss-devel-3.14-0.6.1 mozilla-nss-tools-3.14-0.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.14]: mozilla-nss-32bit-3.14-0.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586): MozillaFirefox-10.0.11-0.5.1 MozillaFirefox-translations-10.0.11-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.14]: mozilla-nss-tools-3.14-0.6.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-10.0.11-0.5.1

References

#790140

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Desktop 11 SP2

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

https://bugzilla.novell.com/790140

https://login.microfocus.com/nidp/app/login

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2012:1592-1
Rating: important

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved