openSUSE-SU-2012:1065-1 -- Suse MozillaFirefoxID: oval:org.secpod.oval:def:400421 | Date: (C)2012-12-31 (M)2021-09-11 |
Class: PATCH | Family: unix |
Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1 975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE- 2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE- 2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 Location object can be shadowed using Object.defineProperty * MFSA 2012-60/CVE-2012-3965 Escalation of privilege through about:newtab * MFSA 2012-61/CVE-2012-3966 Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 Out-of-bounds read in format-number in XSLT * MFSA 2012-66/CVE-2012-3973 HTTPMonitor extension allows for remote debugging without explicit activation * MFSA 2012-68/CVE-2012-3975 DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-69/CVE-2012-3976 Incorrect site SSL certificate data display * MFSA 2012-70/CVE-2012-3978 Location object security checks bypassed by chrome code * MFSA 2012-72/CVE-2012-3980 Web console eval capable of executing chrome-privileged code - fix HTML5 video crash with GStreamer enabled - GStreamer is only used for MP4 - updated filelist - moved browser specific preferences to correct location