[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SA:2011:037 -- SUSE MozillaFirefox,MozillaThunderbird,seamonkey remote code execution

ID: oval:org.secpod.oval:def:400018Date: (C)2012-01-31   (M)2021-12-11
Class: PATCHFamily: unix




Mozilla released a round of security updates. Mozilla Firefox was updated to version 6 on openSUSE 11.4, Mozilla Firefox was updated to version 3.6.20 on openSUSE 11.3 and SUSE Linux Enterprise 10 and 11. Seamonkey was updated to 2.3 on openSUSE 11.3,11.4 Mozilla Thunderbird was updated to 3.1.2 on openSUSE 11.3,11.4. Mozilla XULRunner was updated to 1.9.2.20. The updates bring new features, fix bugs and security issues. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nils and Bob Clary reported memory safety issues which affected Thunderbird 3.1. CVE-2011-2982 Aral Yaman reported a WebGL crash which affected Firefox 4 and Firefox 5. CVE-2011-2989 Vivekanand Bolajwar reported a JavaScript crash which affected Firefox 4 and Firefox 5. CVE-2011-2991 Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the OGG reader which affected Firefox 4 and Firefox 5. CVE-2011-2992 Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected Firefox 4 and Firefox 5. CVE-2011-2985 * Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. CVE-2011-2993 * String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. CVE-2011-2988 * Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla"s WebGL implementation. CVE-2011-2987 * Crash in SVGTextElement.getCharNumAtPosition Security researcher regenrecht reported via TippingPoint"s Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability. CVE-2011-0084 * Credential leakage using Content Security Policy reports Mike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy. CVE-2011-2990 * Cross-origin data theft using canvas and Windows D2D nasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain. CVE-2011-2986 * Privilege escalation using event handlers Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in event management code that would permit JavaScript to be run in the wrong context, including that of a different website or potentially in a chrome-privileged context. CVE-2011-2981 * Dangling pointer vulnerability in appendChild Security researcher regenrecht reported via TippingPoint"s Zero Day Initiative that appendChild did not correctly account for DOM objects it operated upon and could be exploited to dereference an invalid pointer. CVE-2011-2378 * Privilege escalation dropping a tab element in content area Mozilla security researcher moz_bug_r_a4 reported that web content could receive chrome privileges if it registered for drop events and a browser tab element was dropped into the content area. CVE-2011-2984 * Binary planting vulnerability in ThinkPadSensor::Startup Security researcher Mitja Kolsek of Acros Security reported that ThinkPadSensor::Startup could potentially be exploited to load a malicious DLL into the running process. CVE-2011-2980 This issue affects probably only MS Windows. * Private data leakage using RegExp.input Security researcher shutdown reported that data from other domains could be read when RegExp.input was set. CVE-2011-2983

Platform:
openSUSE 11.3
Product:
MozillaFirefox
MozillaThunderbird
seamonkey
Reference:
SUSE-SA:2011:037
CVE-2011-0084
CVE-2011-2378
CVE-2011-2980
CVE-2011-2981
CVE-2011-2982
CVE-2011-2983
CVE-2011-2984
CVE-2011-2985
CVE-2011-2986
CVE-2011-2987
CVE-2011-2988
CVE-2011-2989
CVE-2011-2990
CVE-2011-2991
CVE-2011-2992
CVE-2011-2993
CVE    16
CVE-2011-2993
CVE-2011-2988
CVE-2011-2987
CVE-2011-2986
...
CPE    1
cpe:/o:opensuse:opensuse:11.3

© SecPod Technologies