New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
The remote openSUSE host is missing a security update.
Description
Changes in MozillaFirefox :
- update to Firefox 13.0 (bnc#765204)
- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards
- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass
- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files
- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document
- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer
- require NSS 3.13.4
- MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix sound notifications when filename/path contains a whitespace (bmo#749739)
- fix build on arm
- reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)
Changes in MozillaThunderbird :
- update to Thunderbird 13.0 (bnc#765204)
- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards
- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass
- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files
- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document
- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer
- require NSS 3.13.4
- MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix build with system NSPR (mozilla-system-nspr.patch)
- add dependentlibs.list for improved XRE startup
- update enigmail to 1.4.2
- reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)
- update to Thunderbird 12.0.1
- fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using 'Fetch Headers Only' (bmo#748865)
- Received messages contain parts of other messages with movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)
- fixed build with gcc 4.7
Changes in seamonkey :
- update to SeaMonkey 2.10 (bnc#765204)
- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards
- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass
- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files
- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document
- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer
- requires NSS 3.13.4
- MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- update to SeaMonkey 2.9.1
- fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using 'Fetch Headers Only' (bmo#748865)
- Received messages contain parts of other messages with movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)
- fixed build with gcc 4.7
Changes in mozilla-nss :
- update to 3.13.5 RTM
- update to 3.13.4 RTM
- fixed some bugs
- fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2
Changes in xulrunner :
- update to 13.0 (bnc#765204)
- MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards
- MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass
- MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files
- MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document
- MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer
- require NSS 3.13.4
- MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- reenabled crashreporter for Factory/12.2 (fixed in mozilla-gcc47.patch)
Solution
Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nss / etc packages.