[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

openSUSE-SU-2013:0630-1 -- Suse Mozilla Firefox and others

ID: oval:org.secpod.oval:def:400526Date: (C)2013-04-09   (M)2017-09-22
Class: PATCHFamily: unix




The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3. mozilla-nspr was updated to version 4.9.6. mozilla-nspr was updated to version 4.9.6: * aarch64 support * added PL_SizeOfArenaPoolExcludingPool function * Auto detect android api version for x86 * Initialize Windows CRITICAL_SECTIONs without debug info and with nonzero spin count Previous update to version 4.9.5 * bmo#634793: define NSPR"s exact-width integer types PRInt{N} and PRUint{N} types to match the <stdint.h> exact-width integer types int{N}_t and uint{N}_t. * bmo#782815: passing "int *" to parameter of type "unsigned int *" in setsockopt. * bmo#822932: Port bmo#802527 to NSPR. * bmo#824742: NSPR shouldn"t require librt on Android. * bmo#831793: data race on lib->refCount in PR_UnloadLibrary. mozilla-nss was updated to version 3.14.3: * disable tests with expired certificates * add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 * "certutil -a" was not correctly producing ASCII output as requested. * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite - remove system-sqlite.patch * add arm aarch64 support * added system-sqlite.patch * do not depend on latest sqlite just for a #define * enable system sqlite usage again * update to 3.14.2 * required for Firefox >= 20 * removed obsolete nssckbi update patch * MFSA 2013-40/CVE-2013-0791 Out-of-bounds array read in CERT_DecodeCertPackage * disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash Changes in MozillaFirefox: - update to Firefox 20.0 * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 Cross-site scripting using timed history navigations * MFSA 2013-39/CVE-2013-0792 Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 - build fixes for armv7hl: * disable debug build as armv7hl does not have enough memory * disable webrtc on armv7hl as it is non-compiling Changes in MozillaThunderbird: - update to Thunderbird 17.0.5 * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-38/CVE-2013-0793 Cross-site scripting using timed history navigations Changes in seamonkey: - update to SeaMonkey 2.17 * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 Cross-site scripting using timed history navigations * MFSA 2013-39/CVE-2013-0792 Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 Changes in xulrunner: - update to 17.0.5esr * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 Cross-site scripting using timed history navigations

Platform:
openSUSE 12.2
openSUSE 12.3
openSUSE 12.1
Product:
Mozilla Firefox and others
Reference:
openSUSE-SU-2013:0630-1
CVE-2013-0788
CVE-2013-0789
CVE-2013-0791
CVE-2013-0792
CVE-2013-0793
CVE-2013-0794
CVE-2013-0795
CVE-2013-0796
CVE-2013-0800
CVE-2013-1620
CVE    10
CVE-2013-0796
CVE-2013-1620
CVE-2013-0794
CVE-2013-0795
...
CPE    154
cpe:/a:mozilla:network_security_services
cpe:/a:mozilla:firefox_esr:17.0.4
cpe:/a:mozilla:firefox_esr:17.0.3
cpe:/a:mozilla:firefox_esr:17.0.2
...

© 2013 SecPod Technologies