SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1153-1
Rating:             important
References:         #825935 
Cross-References:   CVE-2013-1682 CVE-2013-1684 CVE-2013-1685
                    CVE-2013-1686 CVE-2013-1687 CVE-2013-1690
                    CVE-2013-1692 CVE-2013-1693 CVE-2013-1697
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware LTSS
                    SUSE Linux Enterprise Server 11 SP1 LTSS
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available. It
   includes two new package versions.

Description:


   Mozilla Firefox has been updated to the 17.0.7 ESR version,
   which fixes  bugs and security issues.

   *

   MFSA 2013-49: Mozilla developers identified and fixed
   several memory safety bugs in the browser engine used in
   Firefox and other Mozilla-based products. Some of these
   bugs showed evidence of memory corruption under certain
   circumstances, and we presume that with enough effort at
   least some of these could be exploited to run arbitrary
   code.

   Gary Kwong, Jesse Ruderman, and Andrew McCreight
   reported memory safety problems and crashes that affect
   Firefox ESR 17, and Firefox 21. (CVE-2013-1682)

   *

   MFSA 2013-50: Security researcher Abhishek Arya
   (Inferno) of the Google Chrome Security Team used the
   Address Sanitizer tool to discover a series of
   use-after-free problems rated critical as security issues
   in shipped software. Some of these issues are potentially
   exploitable, allowing for remote code execution. We would
   also like to thank Abhishek for reporting additional
   use-after-free and buffer overflow flaws in code introduced
   during Firefox development. These were fixed before general
   release.

   o Heap-use-after-free in
   mozilla::dom::HTMLMediaElement::LookupMediaElementURITable
   (CVE-2013-1684) o Heap-use-after-free in
   nsIDocument::GetRootElement (CVE-2013-1685) o
   Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
   *

   MFSA 2013-51 / CVE-2013-1687: Security researcher
   Mariusz Mlynski reported that it is possible to compile a
   user-defined function in the XBL scope of a specific
   element and then trigger an event within this scope to run
   code. In some circumstances, when this code is run, it can
   access content protected by System Only Wrappers (SOW) and
   chrome-privileged pages. This could potentially lead to
   arbitrary code execution. Additionally, Chrome Object
   Wrappers (COW) can be bypassed by web content to access
   privileged methods, leading to a cross-site scripting (XSS)
   attack from privileged pages.

   *

   MFSA 2013-53 / CVE-2013-1690: Security researcher
   Nils reported that specially crafted web content using the
   onreadystatechange event and reloading of pages could
   sometimes cause a crash when unmapped memory is executed.
   This crash is potentially exploitable.

   *

   MFSA 2013-54 / CVE-2013-1692: Security researcher
   Johnathan Kuskos reported that Firefox is sending data in
   the body of XMLHttpRequest (XHR) HEAD requests, which goes
   agains the XHR specification. This can potentially be used
   for Cross-Site Request Forgery (CSRF) attacks against sites
   which do not distinguish between HEAD and POST requests.

   *

   MFSA 2013-55 / CVE-2013-1693: Security researcher
   Paul Stone of Context Information Security discovered that
   timing differences in the processing of SVG format images
   with filters could allow for pixel values to be read. This
   could potentially allow for text values to be read across
   domains, leading to information disclosure.

   *

   MFSA 2013-59 / CVE-2013-1697: Mozilla security
   researcher moz_bug_r_a4 reported that XrayWrappers can be
   bypassed to call content-defined toString and valueOf
   methods through DefaultValue. This can lead to unexpected
   behavior when privileged code acts on the incorrect values.

   Security Issue references:

   * CVE-2013-1682
   
   * CVE-2013-1684
   
   * CVE-2013-1685
   
   * CVE-2013-1686
   
   * CVE-2013-1687
   
   * CVE-2013-1690
   
   * CVE-2013-1692
   
   * CVE-2013-1693
   
   * CVE-2013-1697
   


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-firefox-20130628-7976

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-firefox-20130628-7976

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:

      zypper in -t patch slessp1-firefox-20130628-7977

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-firefox-20130628-7977

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-firefox-20130628-7976

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.7esr]:

      MozillaFirefox-17.0.7esr-0.3.1
      MozillaFirefox-translations-17.0.7esr-0.3.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.7esr]:

      MozillaFirefox-17.0.7esr-0.3.1
      MozillaFirefox-branding-SLED-7-0.6.9.31
      MozillaFirefox-translations-17.0.7esr-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 17.0.7esr]:

      MozillaFirefox-17.0.7esr-0.3.1
      MozillaFirefox-translations-17.0.7esr-0.3.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 17.0.7esr and 7]:

      MozillaFirefox-17.0.7esr-0.3.1
      MozillaFirefox-branding-SLED-7-0.6.9.31
      MozillaFirefox-translations-17.0.7esr-0.3.1

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 17.0.7esr and 7]:

      MozillaFirefox-17.0.7esr-0.6.1
      MozillaFirefox-branding-SLED-7-0.10.28
      MozillaFirefox-translations-17.0.7esr-0.6.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.7esr]:

      MozillaFirefox-17.0.7esr-0.3.1
      MozillaFirefox-branding-SLED-7-0.6.9.31
      MozillaFirefox-translations-17.0.7esr-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 17.0.7esr and 7]:

      MozillaFirefox-17.0.7esr-0.6.1
      MozillaFirefox-branding-SLED-7-0.10.28
      MozillaFirefox-translations-17.0.7esr-0.6.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x):

      MozillaFirefox-branding-upstream-17.0.7esr-0.6.1


References:

   https://www.suse.com/security/cve/CVE-2013-1682.html
   https://www.suse.com/security/cve/CVE-2013-1684.html
   https://www.suse.com/security/cve/CVE-2013-1685.html
   https://www.suse.com/security/cve/CVE-2013-1686.html
   https://www.suse.com/security/cve/CVE-2013-1687.html
   https://www.suse.com/security/cve/CVE-2013-1690.html
   https://www.suse.com/security/cve/CVE-2013-1692.html
   https://www.suse.com/security/cve/CVE-2013-1693.html
   https://www.suse.com/security/cve/CVE-2013-1697.html
   https://bugzilla.novell.com/825935
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login