openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)

Critical Nessus Plugin ID 74655

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

Changes in MozillaFirefox :

- update to Firefox 13.0 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

- require NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- fix sound notifications when filename/path contains a whitespace (bmo#749739)

- fix build on arm

- reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)

Changes in MozillaThunderbird :

- update to Thunderbird 13.0 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

- require NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- fix build with system NSPR (mozilla-system-nspr.patch)

- add dependentlibs.list for improved XRE startup

- update enigmail to 1.4.2

- reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)

- update to Thunderbird 12.0.1

- fix regressions

- POP3 filters (bmo#748090)

- Message Body not loaded when using 'Fetch Headers Only' (bmo#748865)

- Received messages contain parts of other messages with movemail account (bmo#748726)

- New mail notification issue (bmo#748997)

- crash in nsMsgDatabase::MatchDbName (bmo#748432)

- fixed build with gcc 4.7

Changes in seamonkey :

- update to SeaMonkey 2.10 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

- requires NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- update to SeaMonkey 2.9.1

- fix regressions

- POP3 filters (bmo#748090)

- Message Body not loaded when using 'Fetch Headers Only' (bmo#748865)

- Received messages contain parts of other messages with movemail account (bmo#748726)

- New mail notification issue (bmo#748997)

- crash in nsMsgDatabase::MatchDbName (bmo#748432)

- fixed build with gcc 4.7

Changes in mozilla-nss :

- update to 3.13.5 RTM

- update to 3.13.4 RTM

- fixed some bugs

- fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2

Changes in xulrunner :

- update to 13.0 (bnc#765204)

- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

- require NSS 3.13.4

- MFSA 2012-39/CVE-2012-0441 (bmo#715073)

- reenabled crashreporter for Factory/12.2 (fixed in mozilla-gcc47.patch)

Solution

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nss / etc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=765204

https://lists.opensuse.org/opensuse-updates/2012-06/msg00023.html

Plugin Details

Severity: Critical

ID: 74655

File Name: openSUSE-2012-333.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:chmsee, p-cpe:/a:novell:opensuse:chmsee-debuginfo, p-cpe:/a:novell:opensuse:chmsee-debugsource, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2012/06/14

Vulnerability Publication Date: 2012/05/15

Reference Information

CVE: CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947