OVAL

SUSE-SA:2009:048 -- SUSE MozillaFirefox remote code execution

ID: oval:org.secpod.oval:def:400068
Date: (C)2012-01-31   (M)2024-02-19
Class: PATCH
Family: unix




Mozilla Firefox was updated to current stable versions on all affected Linux products.

openSUSE 10.3, 11.0 and 11.1: Firefox was updated to the current stable branch version 3.0.14. These updates were already released on September 21st.

The SUSE Linux Enterprise 11 products were upgraded to Mozilla Firefox 3.5.3, released on September 30th.

The SUSE Linux Enterprise 10 Service Pack 2 and 3 were upgraded to Mozilla Firefox 3.5.3, released on October 20th.

These updates fix various bugs and security issues:

CVE-2009-3071 / CVE-2009-3075: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

CVE-2009-3076: Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 module and affect the cryptographic integrity of the victim's browser. Security researcher Dan Kaminsky reported that this issue had not been fixed in Firefox 3.0 and that under certain circumstances pkcs11 modules could be installed from a remote location. Firefox 3.5 releases are not affected.

CVE-2009-3077: An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer.

CVE-2009-3078: Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the location bar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site. Corrie Sloot also independently reported this issue to Mozilla.

CVE-2009-3079: Mozilla security researcher moz_bug_r_a4 reported that the BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges. Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges. Thunderbird does not support the BrowserFeedWriter object and is not vulnerable in its default configuration. Thunderbird might be vulnerable if the user has installed any add-on which adds a similarly implemented feature and then enables JavaScript in mail messages. This is not the default setting and we strongly discourage users from running JavaScript in mail.

Also released were SSL certificate handling fixes which required updates to the Mozilla NSS and NSPR libraries. The two security issues fixed there are:

MFSA 2009-43: Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger, allows remote SSL servers to cause a denial of service or possibly execute arbitrary code via a long domain name in the subject's Common Name field of an X.509 certificate, related to the cert_TestHostName function.

CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it, most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server, such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike, who also noted that since Firefox relies on SSL to protect the integrity of security updates, this attack could be used to serve malicious updates.
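The client-side mismatch described for CVE-2009-2408, shown as an added example that is not code from NSS, Firefox or the advisory: a certificate name is a length-delimited byte string, and a comparison that treats it as a C string stops at the first null, while a length-aware check rejects the name. The struct, function names and the .example host names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: a certificate name as decoded from ASN.1, i.e. raw
 * bytes with an explicit length, not a NUL-terminated C string. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: handles the bytes as a C string, so the comparison stops
 * at the first NUL and the suffix the CA validated is never looked at.
 * Both sides are assumed to be lower-cased already. */
int naive_match(const struct cert_name *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: a name containing a NUL byte is rejected outright,
 * and the full encoded length must equal the hostname length. */
int strict_match(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != strlen(host))
        return 0;
    return memcmp(cn->data, host, cn->len) == 0;
}

/* Constructed sample names (reserved .example domains). The literals carry
 * a trailing NUL, which keeps naive_match() from reading out of bounds. */
static const unsigned char NUL_BYTES[] = "trusted.example\0.other.example";
static const unsigned char OK_BYTES[]  = "trusted.example";
static const struct cert_name NUL_NAME = { NUL_BYTES, sizeof(NUL_BYTES) - 1 };
static const struct cert_name OK_NAME  = { OK_BYTES,  sizeof(OK_BYTES) - 1 };

int main(void)
{
    printf("naive,  NUL name: %d\n", naive_match(&NUL_NAME, "trusted.example"));
    printf("strict, NUL name: %d\n", strict_match(&NUL_NAME, "trusted.example"));
    printf("strict, clean name: %d\n", strict_match(&OK_NAME, "trusted.example"));
    return 0;
}
```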

Platform:
openSUSE 10.3
openSUSE 11.1
openSUSE 11.0
Product:
MozillaFirefox
Reference:
SUSE-SA:2009:048
CVE-2009-2404
CVE-2009-2408
CVE-2009-2654
CVE-2009-2662
CVE-2009-2663
CVE-2009-2664
CVE-2009-3069
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3073
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
CPE    3
cpe:/o:opensuse:opensuse:11.1
cpe:/o:opensuse:opensuse:11.0
cpe:/o:opensuse:opensuse:10.3

© SecPod Technologies