openSUSE-SU-2013:1634-1 -- Suse MozillaID: oval:org.secpod.oval:def:400564 | Date: (C)2013-11-26 (M)2023-12-07 |
Class: PATCH | Family: unix |
Update NSPR to 4.10.1 Update Thunderbird to 24.1.0 Update Firefox to 24.1.0esr Changes in MozillaFirefox: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 Use-after-free in HTML document templates Changes in MozillaThunderbird: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 Use-after-free when updating offline cache * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 Use-after-free in HTML document templates - update to Thunderbird 24.0.1 * fqdn for smtp server name was not accepted * fixed crash in PL_strncasecmp - update Enigmail to 1.6 * The passphrase timeout configuration in Enigmail is now read and written from/to gpg-agent. * New dialog to change the expiry date of keys * New function to search for the OpenPGP keys of all Address Book entries on a keyserver * removed obsolete enigmail-build.patch Changes in mozilla-nspr: - update to version 4.10.1 * bmo#888273: RWIN Scaling limited to 2 on Windows 7 and 8 * bmo#907512: Unix platforms shouldn"t mask errors specific to Unix domain sockets