Articles / SuSE: New Firefox packages …

SuSE: New Firefox packages fix remote code execution

Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only.

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. Mozilla developer Boris Zbarsky reported that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server.

Mariusz Mlynski reported that if you could convince a user to hold down the Enter key–as part of a game or test, perhaps–a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content.

Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1096-1
Rating:             important
References:         #720264 
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11 SP1
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise Server 10 SP4
                   SUSE Linux Enterprise Server 10 SP3
                   SUSE Linux Enterprise Desktop 11 SP1
                   SUSE Linux Enterprise Desktop 10 SP4
                   SLE SDK 10 SP4
                   SLE SDK 10 SP3
______________________________________________________________________________

  An update that contains security fixes can now be
  installed. It includes two new package versions.

Description:


  Mozilla Firefox was updated to version 3.6.23, fixing
  various bugs and  security issues.

  *

  MFSA 2011-36: Mozilla developers identified and fixed
  several memory safety bugs in the browser engine used in
  Firefox and other Mozilla-based products. Some of these
  bugs showed evidence of memory corruption under certain
  circumstances, and we presume that with enough effort at
  least some of these could be exploited to run arbitrary
  code.

  In general these flaws cannot be exploited through
  email in the Thunderbird and SeaMonkey products because
  scripting is disabled,, but are potentially a risk in
  browser or browser-like contexts in those products.

  *

  Benjamin Smedberg, Bob Clary, and Jesse Ruderman
  reported memory safety problems that affected Firefox 3.6
  and Firefox 6. (CVE-2011-2995)

  *

  Josh Aas reported a potential crash in the plugin API
  that affected Firefox 3.6 only. (CVE-2011-2996)

  *

  MFSA 2011-37: Mark Kaplan reported a potentially
  exploitable crash due to integer underflow when using a
  large JavaScript RegExp expression. We would also like to
  thank Mark for contributing the fix for this problem. (no
  CVE yet)

  *

  MFSA 2011-38: Mozilla developer Boris Zbarsky
  reported that a frame named "location" could shadow the
  window.location object unless a script in a page grabbed a
  reference to the true object before the frame was created.
  Because some plugins use the value of window.location to
  determine the page origin this could fool the plugin into
  granting the plugin content access to another site or the
  local file system in violation of the Same Origin Policy.
  This flaw allows circumvention of the fix added for MFSA
  2010-10. (CVE-2011-2999)

  *

  MFSA 2011-39: Ian Graham of Citrix Online reported
  that when multiple Location headers were present in a
  redirect response Mozilla behavior differed from other
  browsers: Mozilla would use the second Location header
  while Chrome and Internet Explorer would use the first. Two
  copies of this header with different values could be a
  symptom of a CRLF injection attack against a vulnerable
  server. Most commonly it is the Location header itself that
  is vulnerable to the response splitting and therefore the
  copy preferred by Mozilla is more likely to be the
  malicious one. It is possible, however, that the first copy
  was the injected one depending on the nature of the server
  vulnerability.

  The Mozilla browser engine has been changed to treat
  two copies of this header with different values as an error
  condition. The same has been done with the headers
  Content-Length and Content-Disposition. (CVE-2011-3000)

  *

  MFSA 2011-40: Mariusz Mlynski reported that if you
  could convince a user to hold down the Enter key--as part
  of a game or test, perhaps--a malicious page could pop up a
  download dialog where the held key would then activate the
  default Open action. For some file types this would be
  merely annoying (the equivalent of a pop-up) but other file
  types have powerful scripting capabilities. And this would
  provide an avenue for an attacker to exploit a
  vulnerability in applications not normally exposed to
  potentially hostile internet content.

  Holding enter allows arbitrary code execution due to
  Download Manager (CVE-2011-2372)

Indications:

  Please install this update.

Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP1:

     zypper in -t patch sdksp1-MozillaFirefox-5224

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-MozillaFirefox-5224

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-MozillaFirefox-5224

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-MozillaFirefox-5224

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-devel-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-gnome-x86-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-x86-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 3.6.23]:

     MozillaFirefox-3.6.23-0.3.1
     MozillaFirefox-translations-3.6.23-0.3.1
     mozilla-xulrunner192-1.9.2.23-1.2.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

     mozilla-xulrunner192-32bit-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.23 and 3.6.23]:

     MozillaFirefox-3.6.23-0.3.1
     MozillaFirefox-translations-3.6.23-0.3.1
     mozilla-xulrunner192-1.9.2.23-1.2.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-32bit-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-x86-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-1.9.2.23-1.6.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.6.1
     mozilla-xulrunner192-translations-1.9.2.23-1.6.1

  - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 3.6.23]:

     MozillaFirefox-3.6.23-0.5.1
     MozillaFirefox-translations-3.6.23-0.5.1

  - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-32bit-1.9.2.23-1.6.1
     mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1
     mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1

  - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-1.9.2.23-1.6.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.6.1
     mozilla-xulrunner192-translations-1.9.2.23-1.6.1

  - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.23]:

     MozillaFirefox-3.6.23-0.5.1
     MozillaFirefox-translations-3.6.23-0.5.1

  - SUSE Linux Enterprise Server 10 SP3 (s390x x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-32bit-1.9.2.23-1.6.1
     mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1
     mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]:

     MozillaFirefox-3.6.23-0.3.1
     MozillaFirefox-translations-3.6.23-0.3.1
     mozilla-xulrunner192-1.9.2.23-1.2.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1

  - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-1.9.2.23-1.6.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.6.1
     mozilla-xulrunner192-translations-1.9.2.23-1.6.1

  - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 1.9.2.23]:

     mozilla-xulrunner192-32bit-1.9.2.23-1.6.1
     mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1
     mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1

  - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.6.23]:

     MozillaFirefox-3.6.23-0.5.1
     MozillaFirefox-translations-3.6.23-0.5.1

  - SLE SDK 10 SP4 (i586 ia64 ppc s390x):

     MozillaFirefox-branding-upstream-3.6.23-0.5.1

  - SLE SDK 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.23]:

     MozillaFirefox-branding-upstream-3.6.23-0.5.1


References:

  https://bugzilla.novell.com/720264
  http://download.novell.com/patch/finder/?keywords=10c4cb33ededc2c321d18a148b90acfb
  http://download.novell.com/patch/finder/?keywords=46722e64fe17eadd1ef21115efb414e0
  http://download.novell.com/patch/finder/?keywords=8026ac2197f43942ee30e9d32864f793
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.