openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)

Critical Nessus Plugin ID 74612

Synopsis

The remote openSUSE host is missing a security update.

Description

Changes in xulrunner :

- update to 12.0 (bnc#758408)

- rebased patches

- MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards

- MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange

- MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface

- MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors

- MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite

- MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

- MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS

- MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

- MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

- MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D

- MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer

- MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors

- MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds

- added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running

- gcc 4.7 fixes

- mozilla-gcc47.patch

- disabled crashreporter temporarily for Factory

Changes in MozillaFirefox :

- update to Firefox 12.0 (bnc#758408)

- rebased patches

- MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards

- MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange

- MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface

- MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors

- MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite

- MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

- MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS

- MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

- MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

- MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D

- MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer

- MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors

- MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds

- added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running

- gcc 4.7 fixes

- mozilla-gcc47.patch

- disabled crashreporter temporarily for Factory

- recommend libcanberra0 for proper sound notifications

Changes in MozillaThunderbird :

- update to Thunderbird 12.0 (bnc#758408)

- MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards

- MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange

- MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface

- MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors

- MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite

- MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

- MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS

- MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

- MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

- MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D

- MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer

- MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors

- MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds

- update Enigmail to 1.4.1

- added mozilla-revert_621446.patch

- added mozilla-libnotify.patch (bmo#737646)

- added mailnew-showalert.patch (bmo#739146)

- added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7

- disabled crashreporter temporarily for Factory (gcc 4.7 issue)

Changes in seamonkey :

- update to SeaMonkey 2.9 (bnc#758408)

- MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards

- MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange

- MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface

- MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors

- MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite

- MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error

- MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS

- MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions

- MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

- MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D

- MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer

- MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors

- MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds

- update to 2.9b4

- added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1

- exclude broken gl locale from build

- fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch

- added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7

Solution

Update the affected MozillaFirefox / MozillaThunderbird / seamonkey / etc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=712224

https://bugzilla.novell.com/show_bug.cgi?id=714931

https://bugzilla.novell.com/show_bug.cgi?id=720264

https://bugzilla.novell.com/show_bug.cgi?id=726758

https://bugzilla.novell.com/show_bug.cgi?id=728520

https://bugzilla.novell.com/show_bug.cgi?id=732898

https://bugzilla.novell.com/show_bug.cgi?id=733002

https://bugzilla.novell.com/show_bug.cgi?id=744275

https://bugzilla.novell.com/show_bug.cgi?id=746616

https://bugzilla.novell.com/show_bug.cgi?id=747328

https://bugzilla.novell.com/show_bug.cgi?id=749440

https://bugzilla.novell.com/show_bug.cgi?id=750044

https://bugzilla.novell.com/show_bug.cgi?id=755060

https://bugzilla.novell.com/show_bug.cgi?id=758408

https://lists.opensuse.org/opensuse-updates/2012-04/msg00066.html

Plugin Details

Severity: Critical

ID: 74612

File Name: openSUSE-2012-254.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/04/26

Vulnerability Publication Date: 2011/03/10

Exploitable With

CANVAS (CANVAS)

Metasploit (Firefox nsSVGValue Out-of-Bounds Access Vulnerability)

Reference Information

CVE: CVE-2011-1187, CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992, CVE-2011-3005, CVE-2011-3062, CVE-2011-3232, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655, CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0451, CVE-2012-0452, CVE-2012-0459, CVE-2012-0460, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479