openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)

Critical Nessus Plugin ID 74898

VPR Score: 6.7

Synopsis

The remote openSUSE host is missing a security update.

Description

MozillaFirefox was updated to Firefox 19.0 (bnc#804248). MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248). seamonkey was updated to SeaMonkey 2.16 (bnc#804248). xulrunner was updated to 17.0.3esr (bnc#804248). chmsee was updated to version 2.0.

Changes in MozillaFirefox 19.0 :

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- removed obsolete patches

  - mozilla-webrtc.patch

  - mozilla-gstreamer-803287.patch

- added patch to fix session restore window order (bmo#712763)

- update to Firefox 18.0.2

- blocklist and CTP updates

- fixes in JS engine

- update to Firefox 18.0.1

- blocklist updates

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- Fix WebRTC to build on powerpc

Changes in MozillaThunderbird :

- update to Thunderbird 17.0.3 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- update Enigmail to 1.5.1

- The release fixes the regressions found in the past few weeks

Changes in seamonkey :

- update to SeaMonkey 2.16 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- removed obsolete patches

  - mozilla-webrtc.patch

  - mozilla-gstreamer-803287.patch

- update to SeaMonkey 2.15.2

- Applications could not be removed from the 'Application details' dialog under Preferences, Helper Applications (bmo#826771).

- View / Message Body As could show menu items out of context (bmo#831348)

- update to SeaMonkey 2.15.1

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468)

Changes in xulrunner :

- update to 17.0.3esr (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

Solution

Update the affected Mozilla packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=796895

https://bugzilla.novell.com/show_bug.cgi?id=804248

https://lists.opensuse.org/opensuse-updates/2013-02/msg00061.html

Plugin Details

Severity: Critical

ID: 74898

File Name: openSUSE-2013-141.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:chmsee, p-cpe:/a:novell:opensuse:chmsee-debuginfo, p-cpe:/a:novell:opensuse:chmsee-debugsource, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2013/02/21

Reference Information

CVE: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783