openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)

critical Nessus Plugin ID 74655

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

Changes in MozillaFirefox :

 - update to Firefox 13.0 (bnc#765204)

 - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

 - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

 - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

 - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

 - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

 - require NSS 3.13.4

 - MFSA 2012-39/CVE-2012-0441 (bmo#715073)

 - fix sound notifications when filename/path contains a whitespace (bmo#749739)

 - fix build on arm

 - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)

Changes in MozillaThunderbird :

 - update to Thunderbird 13.0 (bnc#765204)

 - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

 - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

 - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

 - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

 - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

 - require NSS 3.13.4

 - MFSA 2012-39/CVE-2012-0441 (bmo#715073)

 - fix build with system NSPR (mozilla-system-nspr.patch)

 - add dependentlibs.list for improved XRE startup

 - update enigmail to 1.4.2

 - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)

 - update to Thunderbird 12.0.1

 - fix regressions

 - POP3 filters (bmo#748090)

 - Message Body not loaded when using 'Fetch Headers Only' (bmo#748865)

 - Received messages contain parts of other messages with movemail account (bmo#748726)

 - New mail notification issue (bmo#748997)

 - crash in nsMsgDatabase::MatchDbName (bmo#748432)

 - fixed build with gcc 4.7

Changes in seamonkey :

 - update to SeaMonkey 2.10 (bnc#765204)

 - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

 - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

 - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

 - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

 - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

 - requires NSS 3.13.4

 - MFSA 2012-39/CVE-2012-0441 (bmo#715073)

 - update to SeaMonkey 2.9.1

 - fix regressions

 - POP3 filters (bmo#748090)

 - Message Body not loaded when using 'Fetch Headers Only' (bmo#748865)

 - Received messages contain parts of other messages with movemail account (bmo#748726)

 - New mail notification issue (bmo#748997)

 - crash in nsMsgDatabase::MatchDbName (bmo#748432)

 - fixed build with gcc 4.7

Changes in mozilla-nss :

 - update to 3.13.5 RTM

 - update to 3.13.4 RTM

 - fixed some bugs

 - fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2

Changes in xulrunner :

 - update to 13.0 (bnc#765204)

 - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards

 - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass

 - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files

 - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document

 - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer

 - require NSS 3.13.4

 - MFSA 2012-39/CVE-2012-0441 (bmo#715073)

 - reenabled crashreporter for Factory/12.2 (fixed in mozilla-gcc47.patch)

Solution

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nss / etc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=765204

https://lists.opensuse.org/opensuse-updates/2012-06/msg00023.html

Plugin Details

Severity: Critical

ID: 74655

File Name: openSUSE-2012-333.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:chmsee, p-cpe:/a:novell:opensuse:chmsee-debuginfo, p-cpe:/a:novell:opensuse:chmsee-debugsource, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 6/14/2012

Vulnerability Publication Date: 5/15/2012

Reference Information

CVE: CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947