openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Changes in MozillaFirefox :

- update to Firefox 13.0 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security
Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure through Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

- require NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- fix sound notifications when filename/path contains a
whitespace (bmo#749739)

- fix build on arm

- reenabled crashreporter for Factory/12.2 (fix in
mozilla-gcc47.patch)

Changes in MozillaThunderbird :

- update to Thunderbird 13.0 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security
Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure through Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

- require NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- fix build with system NSPR (mozilla-system-nspr.patch)

- add dependentlibs.list for improved XRE startup

- update enigmail to 1.4.2

- reenabled crashreporter for Factory/12.2 (fix in
mozilla-gcc47.patch)

- update to Thunderbird 12.0.1

- fix regressions

- POP3 filters (bmo#748090)

- Message Body not loaded when using 'Fetch Headers Only'
(bmo#748865)

- Received messages contain parts of other messages with
movemail account (bmo#748726)

- New mail notification issue (bmo#748997)

- crash in nsMsgDatabase::MatchDbName (bmo#748432)

- fixed build with gcc 4.7

Changes in seamonkey :

- update to SeaMonkey 2.10 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security
Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure through Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

- requires NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- update to SeaMonkey 2.9.1

- fix regressions

- POP3 filters (bmo#748090)

- Message Body not loaded when using 'Fetch Headers Only'
(bmo#748865)

- Received messages contain parts of other messages with
movemail account (bmo#748726)

- New mail notification issue (bmo#748997)

- crash in nsMsgDatabase::MatchDbName (bmo#748432)

- fixed build with gcc 4.7

Changes in mozilla-nss :

- update to 3.13.5 RTM

- update to 3.13.4 RTM

- fixed some bugs

- fixed cert verification regression in PKIX mode
(bmo#737802) introduced in 3.13.2

Changes in xulrunner :

- update to 13.0 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security
Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure through Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

- require NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- reenabled crashreporter for Factory/12.2 (fixed in
mozilla-gcc47.patch)

See also :

http://lists.opensuse.org/opensuse-updates/2012-06/msg00023.html
https://bugzilla.novell.com/show_bug.cgi?id=765204

Solution :

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nss / etc packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
