openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Changes in MozillaThunderbird :

- update to Thunderbird 11.0 (bnc#750044)

- MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL

- MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer

- MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with
multiple Content Security Policy headers

- MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page

- MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when
accessing keyframe cssText after dynamic modification

- MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content

- MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in mozilla-xulrunner192 :

- security update to 1.9.2.28 (bnc#750044)

- MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue
out-of-bounds access

- MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL

- MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer

- MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page

- MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in MozillaFirefox :

- update to Firefox 11.0 (bnc#750044)

- MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL

- MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer

- MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with
multiple Content Security Policy headers

- MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page

- MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when
accessing keyframe cssText after dynamic modification

- MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content

- MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in seamonkey :

- update to SeaMonkey 2.8 (bnc#750044)

- MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag
and Drop and Javascript: URL

- MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653,
#720103) SVG issues found with Address Sanitizer

- MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with
multiple Content Security Policy headers

- MFSA 2012-16/CVE-2012-0458 Escalation of privilege with
Javascript: URL as home page

- MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when
accessing keyframe cssText after dynamic modification

- MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content

- MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards

Changes in chmsee :

- Update to version 1.99.08

Changes in mozilla-nss :

- update to 3.13.3 RTM

- distrust Trustwave's MITM certificates (bmo#724929)

- fix generic blacklisting mechanism (bmo#727204)

Changes in mozilla-nspr :

- update to version 4.9 RTM

See also :

http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
https://bugzilla.novell.com/show_bug.cgi?id=745303
https://bugzilla.novell.com/show_bug.cgi?id=746591
https://bugzilla.novell.com/show_bug.cgi?id=747320
https://bugzilla.novell.com/show_bug.cgi?id=749440
https://bugzilla.novell.com/show_bug.cgi?id=750044
https://bugzilla.novell.com/show_bug.cgi?id=750673

Solution :

Update the affected MozillaFirefox / MozillaThunderbird packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true
