Detections
Analytics

openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc (openSUSE-SU-2013:1348-1)

critical Nessus Plugin ID 75122

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

Changes in seamonkey :

 - update to SeaMonkey 2.20 (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

 - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

 - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

 - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

 - requires NSPR 4.10 and NSS 3.15

 - removed obsolete seamonkey-shared-nss-db.patch

Changes in seamonkey :

 - update to SeaMonkey 2.20 (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

 - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

 - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

 - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

 - requires NSPR 4.10 and NSS 3.15

 - removed obsolete seamonkey-shared-nss-db.patch

Changes in xulrunner :

 - update to 17.0.8esr (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

Changes in xulrunner :

 - update to 17.0.8esr (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

Changes in MozillaThunderbird :

 - update to Thunderbird 17.0.8 (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

 - update Enigmail to 1.5.2

 - bugfix release

Changes in MozillaThunderbird :

 - update to Thunderbird 17.0.8 (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

 - update Enigmail to 1.5.2

 - bugfix release

Changes in mozilla-nss :

 - fix 32bit requirement, it's without () actually

 - update to 3.15.1

 - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

 - some bugfixes and improvements

 - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)

 - update to 3.15

 - Packaging

 + removed obsolete patches

 - nss-disable-expired-testcerts.patch

 - bug-834091.patch

 - New Functionality

 + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

 + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

 + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

 + certutil has been updated to support creating name constraints extensions.

 - New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
 in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete.
 SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

 - New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems.

 - New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE

 - Notable changes

 + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

 + The list of root CA certificates in the nssckbi module has been updated.

 + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

 - a lot of bugfixes

 - Add Source URL, see https://en.opensuse.org/SourceUrls

Changes in mozilla-nss :

 - fix 32bit requirement, it's without () actually

 - update to 3.15.1

 - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

 - some bugfixes and improvements

 - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)

 - update to 3.15

 - Packaging

 + removed obsolete patches

 - nss-disable-expired-testcerts.patch

 - bug-834091.patch

 - New Functionality

 + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

 + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

 + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

 + certutil has been updated to support creating name constraints extensions.

 - New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
 in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete.
 SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

 - New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems.

 - New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE

 - Notable changes

 + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

 + The list of root CA certificates in the nssckbi module has been updated.

 + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

 - a lot of bugfixes

 - Add Source URL, see https://en.opensuse.org/SourceUrls

Changes in mozilla-nspr :

 - update to version 4.10

 - bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena.

 - bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf.

 - bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10.

 - bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c.

 - bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h.

 - bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux.

 - bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority.

Changes in mozilla-nspr :

 - update to version 4.10

 - bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena.

 - bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf.

 - bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10.

 - bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c.

 - bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h.

 - bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux.

 - bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority.

Changes in MozillaFirefox :

 - update to Firefox 23.0 (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

 - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

 - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

 - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

 - requires NSPR 4.10 and NSS 3.15

 - fix build on ARM (/-g/ matches /-grecord-switches/)

Changes in MozillaFirefox :

 - update to Firefox 23.0 (bnc#833389)

 - MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards

 - MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody

 - MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests

 - MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding

 - MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading

 - MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks

 - MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes

 - MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some JavaScript components

 - MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest

 - MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

 - requires NSPR 4.10 and NSS 3.15

 - fix build on ARM (/-g/ matches /-grecord-switches/)

Solution

Update the affected MozillaFirefox / MozillaThunderbird / mozilla-nspr / etc packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=833389

https://en.opensuse.org/SourceUrls

https://lists.opensuse.org/opensuse-updates/2013-08/msg00036.html

Plugin Details

Severity: Critical

ID: 75122

File Name: openSUSE-2013-652.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozilla-js-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozillafirefox-translations-other, p-cpe:/a:novell:opensuse:xulrunner-32bit, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xulrunner-devel-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:mozilla-nspr-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:mozilla-js, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:xulrunner-debugsource, p-cpe:/a:novell:opensuse:xulrunner-devel, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozillafirefox, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:xulrunner-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillafirefox-debugsource, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:xulrunner, p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-32bit, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource, p-cpe:/a:novell:opensuse:mozillafirefox-buildsymbols, p-cpe:/a:novell:opensuse:mozillafirefox-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:seamonkey-venkman, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo, p-cpe:/a:novell:opensuse:mozilla-js-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, p-cpe:/a:novell:opensuse:mozillafirefox-branding-upstream, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:12.2, p-cpe:/a:novell:opensuse:mozilla-nspr, p-cpe:/a:novell:opensuse:xulrunner-buildsymbols, p-cpe:/a:novell:opensuse:xulrunner-debuginfo-32bit, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-32bit, p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozillafirefox-translations-common, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-32bit

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/8/2013

Exploitable With

Metasploit (Firefox toString console.time Privileged Javascript Injection)

Reference Information

CVE: CVE-2013-1701, CVE-2013-1702, CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717