openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)

critical Nessus Plugin ID 74898

Synopsis

The remote openSUSE host is missing a security update.

Description

- MozillaFirefox was updated to Firefox 19.0 (bnc#804248).

- MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248).

- seamonkey was updated to SeaMonkey 2.16 (bnc#804248).

- xulrunner was updated to 17.0.3esr (bnc#804248).

- chmsee was updated to version 2.0.

Changes in MozillaFirefox 19.0 :

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- removed obsolete patches

- mozilla-webrtc.patch

- mozilla-gstreamer-803287.patch

- added patch to fix session restore window order (bmo#712763)

- update to Firefox 18.0.2

- blocklist and CTP updates

- fixes in JS engine

- update to Firefox 18.0.1

- blocklist updates

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- Fix WebRTC to build on powerpc

Changes in MozillaThunderbird :

- update to Thunderbird 17.0.3 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- update Enigmail to 1.5.1

- The release fixes the regressions found in the past few weeks

Changes in seamonkey :

- update to SeaMonkey 2.16 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- removed obsolete patches

- mozilla-webrtc.patch

- mozilla-gstreamer-803287.patch

- update to SeaMonkey 2.15.2

- Applications could not be removed from the 'Application details' dialog under Preferences, Helper Applications (bmo#826771).

- View / Message Body As could show menu items out of context (bmo#831348)

- update to SeaMonkey 2.15.1

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468)

Changes in xulrunner :

- update to 17.0.3esr (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

Solution

Update the affected Mozilla packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=796895

https://bugzilla.novell.com/show_bug.cgi?id=804248

https://lists.opensuse.org/opensuse-updates/2013-02/msg00061.html

Plugin Details

Severity: Critical

ID: 74898

File Name: openSUSE-2013-141.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols, p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, p-cpe:/a:novell:opensuse:chmsee, p-cpe:/a:novell:opensuse:chmsee-debuginfo, p-cpe:/a:novell:opensuse:chmsee-debugsource, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, 
p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/21/2013

Reference Information

CVE: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783