openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1)

Critical Nessus Plugin ID 75122

VPR Score: 8.9

Synopsis

The remote openSUSE host is missing a security update.

Description

Changes in seamonkey :

- update to SeaMonkey 2.20 (bnc#833389)

- MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

- MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

- MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

- MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

- requires NSPR 4.10 and NSS 3.15

- removed obsolete seamonkey-shared-nss-db.patch

Changes in xulrunner :

- update to 17.0.8esr (bnc#833389)

- MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

Changes in MozillaThunderbird :

- update to Thunderbird 17.0.8 (bnc#833389)

- MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

- update Enigmail to 1.5.2

- bugfix release

Changes in mozilla-nss :

- fix 32bit requirement, it's without () actually

- update to 3.15.1

- TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

- some bugfixes and improvements

- require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)

- update to 3.15

- Packaging

+ removed obsolete patches

- nss-disable-expired-testcerts.patch

- bug-834091.patch

- New Functionality

+ Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

+ Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

+ Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

+ certutil has been updated to support creating name constraints extensions.

- New Functions

+ in ssl.h: SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.

+ in ssl.h: SSL_SetStapledOCSPResponses - Sets a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.

+ in ocsp.h: CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.

+ in secpkcs7.h: SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.

+ in xconst.h: CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.

+ in secitem.h: SECITEM_AllocArray, SECITEM_DupArray, SECITEM_FreeArray, SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays.

+ in secitem.h: SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.

+ in pk11pub.h: PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

+ in pk11pub.h: PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

- New Types

+ in secitem.h: SECItemArray - Represents a variable-length array of SECItems.

- New Macros

+ in ssl.h: SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE.

- Notable changes

+ SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

+ The list of root CA certificates in the nssckbi module has been updated.

+ The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

- a lot of bugfixes

- Add Source URL, see https://en.opensuse.org/SourceUrls

Changes in mozilla-nspr :

- update to version 4.10

- bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena.

- bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf.

- bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10.

- bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c.

- bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h.

- bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux.

- bmo#871064: _PR_InitThreads() should not call PR_SetThreadPriority.

Changes in MozillaFirefox :

- update to Firefox 23.0 (bnc#833389)

- MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

- MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

- MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

- MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

- MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

- MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

- MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

- MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

- MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

- MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

- requires NSPR 4.10 and NSS 3.15

- fix build on ARM (/-g/ matches /-grecord-switches/)

Solution

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=833389

https://en.opensuse.org/SourceUrls

https://lists.opensuse.org/opensuse-updates/2013-08/msg00036.html

Plugin Details

Severity: Critical

ID: 75122

File Name: openSUSE-2013-652.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 8.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr, p-cpe:/a:novell:opensuse:mozilla-nspr-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource, p-cpe:/a:novell:opensuse:mozilla-nspr-devel, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, 
p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/08/08

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717