openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

MozillaFirefox was updated to Firefox 19.0 (bnc#804248).
MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248).
seamonkey was updated to SeaMonkey 2.16 (bnc#804248).
xulrunner was updated to 17.0.3esr (bnc#804248).
chmsee was updated to version 2.0.

Changes in MozillaFirefox 19.0 :

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow
issues found using Address Sanitizer

- removed obsolete patches

- mozilla-webrtc.patch

- mozilla-gstreamer-803287.patch

- added patch to fix session restore window order
(bmo#712763)

- update to Firefox 18.0.2

- blocklist and CTP updates

- fixes in JS engine

- update to Firefox 18.0.1

- blocklist updates

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- Fix WebRTC to build on powerpc

Changes in MozillaThunderbird :

- update to Thunderbird 17.0.3 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free,
out of bounds read, and buffer overflow issues found
using Address Sanitizer

- update Enigmail to 1.5.1

- The release fixes the regressions found in the past few
weeks

Changes in seamonkey :

- update to SeaMonkey 2.16 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow
issues found using Address Sanitizer

- removed obsolete patches

- mozilla-webrtc.patch

- mozilla-gstreamer-803287.patch

- update to SeaMonkey 2.15.2

- Applications could not be removed from the 'Application
details' dialog under Preferences, Helper Applications
(bmo#826771).

- View / Message Body As could show menu items out of
context (bmo#831348)

- update to SeaMonkey 2.15.1

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- backed out restartless language packs as it broke
multi-locale setup (bmo#677092, bmo#818468)

Changes in xulrunner :

- update to 17.0.3esr (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free,
out of bounds read, and buffer overflow issues found
using Address Sanitizer

See also :

http://lists.opensuse.org/opensuse-updates/2013-02/msg00061.html
https://bugzilla.novell.com/show_bug.cgi?id=796895
https://bugzilla.novell.com/show_bug.cgi?id=804248

Solution :

Update the affected Mozilla packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
