openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1)

Critical Nessus Plugin ID 75122

Synopsis

The remote openSUSE host is missing a security update.

Description

Changes in seamonkey :

- update to SeaMonkey 2.20 (bnc#833389)

- MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

- MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

- MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

- MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

- requires NSPR 4.10 and NSS 3.15

- removed obsolete seamonkey-shared-nss-db.patch

Changes in xulrunner :

- update to 17.0.8esr (bnc#833389)

- MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

Changes in MozillaThunderbird :

- update to Thunderbird 17.0.8 (bnc#833389)

- MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

- update Enigmail to 1.5.2

- bugfix release

Changes in mozilla-nss :

- fix 32bit requirement, it's without () actually

- update to 3.15.1

- TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

- some bugfixes and improvements

- require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)

- update to 3.15

- Packaging

+ removed obsolete patches

- nss-disable-expired-testcerts.patch

- bug-834091.patch

- New Functionality

+ Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

+ Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

+ Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

+ certutil has been updated to support creating name constraints extensions.

- New Functions

+ in ssl.h

- SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.

- SSL_SetStapledOCSPResponses - Sets a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.

+ in ocsp.h

- CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.

+ in secpkcs7.h

- SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.

+ in xconst.h

- CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.

+ in secitem.h

- SECITEM_AllocArray, SECITEM_DupArray, SECITEM_FreeArray, SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays.

- SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.

+ in pk11pub.h

- PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

- PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

- New Types

+ in secitem.h

- SECItemArray - Represents a variable-length array of SECItems.

- New Macros

+ in ssl.h

- SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE.

- Notable changes

+ SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

+ The list of root CA certificates in the nssckbi module has been updated.

+ The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

- a lot of bugfixes

- Add Source URL, see https://en.opensuse.org/SourceUrls

Changes in mozilla-nspr :

- update to version 4.10

- bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena.

- bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf.

- bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10.

- bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c.

- bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h.

- bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux.

- bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority.

Changes in MozillaFirefox :

- update to Firefox 23.0 (bnc#833389)

- MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

- MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

- MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

- MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

- requires NSPR 4.10 and NSS 3.15

- fix build on ARM (/-g/ matches /-grecord-switches/)

Solution

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=833389

https://en.opensuse.org/SourceUrls

https://lists.opensuse.org/opensuse-updates/2013-08/msg00036.html

Plugin Details

Severity: Critical

ID: 75122

File Name: openSUSE-2013-652.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr, p-cpe:/a:novell:opensuse:mozilla-nspr-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource, p-cpe:/a:novell:opensuse:mozilla-nspr-devel, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, 
p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/08/08

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717