openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)

critical Nessus Plugin ID 74898

Synopsis

The remote openSUSE host is missing a security update.

Description

MozillaFirefox was updated to Firefox 19.0 (bnc#804248) MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248) seamonkey was updated to SeaMonkey 2.16 (bnc#804248) xulrunner was updated to 17.0.3esr (bnc#804248) chmsee was updated to version 2.0.

Changes in MozillaFirefox 19.0 :

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- removed obsolete patches

- mozilla-webrtc.patch

- mozilla-gstreamer-803287.patch

- added patch to fix session restore window order (bmo#712763)

- update to Firefox 18.0.2

- blocklist and CTP updates

- fixes in JS engine

- update to Firefox 18.0.1

- blocklist updates

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- Fix WebRTC to build on powerpc

Changes in MozillaThunderbird :

- update to Thunderbird 17.0.3 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- update Enigmail to 1.5.1

- The release fixes the regressions found in the past few weeks

Changes in seamonkey :

- update to SeaMonkey 2.16 (bnc#804248)

- MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards

- MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering

- MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

- removed obsolete patches

- mozilla-webrtc.patch

- mozilla-gstreamer-803287.patch

- update to SeaMonkey 2.15.2

- Applications could not be removed from the 'Application details' dialog under Preferences, Helper Applications (bmo#826771).

- View / Message Body As could show menu items out of context (bmo#831348)

- update to SeaMonkey 2.15.1

- backed out bmo#677092 (removed patch)

- fixed problems involving HTTP proxy transactions

- backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468)

Changes in xulrunner :

- update to 17.0.3esr (bnc#804248)

- MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards

- MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers

- MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers

- MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent

- MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy

- MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer

Solution

Update the affected Mozilla packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=796895

https://bugzilla.novell.com/show_bug.cgi?id=804248

https://lists.opensuse.org/opensuse-updates/2013-02/msg00061.html

Plugin Details

Severity: Critical

ID: 74898

File Name: openSUSE-2013-141.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:chmsee-debuginfo, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:chmsee-debugsource, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, p-cpe:/a:novell:opensuse:chmsee, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:xulrunner-debugsource, cpe:/o:novell:opensuse:12.1, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, cpe:/o:novell:opensuse:12.2, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:seamonkey-debugsource

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/21/2013

Reference Information

CVE: CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783