Articles / SuSE: New Firefox packages …

SuSE: New Firefox packages fix security vulnerabilities

Mozilla Firefox was updated to version 10 to fix bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Researchers reported memory safety problems that were fixed in Firefox 10. Jesse Ruderman and Bob Clary reported memory safety problems that were fixed.

For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Alex Dvorov reported that an attacker could replace a sub-frame in another domain’s document by using the name attribute of the sub-frame as a form submission target. This can potentially allow for phishing attacks against users and violates the HTML5 frame navigation policy.

Security researcher regenrecht reported that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for for remote code execution. Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts. Mozilla developer Tim Abraldes reported that when encoding images as image/vnd.microsoft.icon the resulting data was always a fixed size, with uninitialized memory appended as padding beyond the size of the actual image. This is the result of mImageBufferSize in the encoder being initialized with a value different than the size of the source image. There is the possibility of sensitive data from uninitialized memory being appended to a PNG image when converted fron an ICO format image. This sensitive data may then be disclosed in the resulting image.

Security researcher regenrecht reported the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution. Security researchers Nicolas Gregoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution. magicant starmen reported that if a user chooses to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permissions, making the file contents potentially readable by other users on Linux and OS X systems.

Updated packages are available from download.opensuse.org.

  openSUSE Security Update: MozillaFirefox: Version 10
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2012:0234-1
Rating:             important
References:         #744275 
Affected Products:
                   openSUSE 11.4
______________________________________________________________________________

  An update that contains security fixes can now be
  installed. It includes 5 new package versions.

Description:

  Mozilla Firefox was updated to version 10 to fix bugs and
  security issues.

  MFSA 2012-01: Mozilla developers identified and fixed
  several memory safety bugs in the browser engine used in
  Firefox and other Mozilla-based products. Some of these
  bugs showed evidence of memory corruption under certain
  circumstances, and we presume that with enough effort at
  least some of these could be exploited to run arbitrary
  code.

  In general these flaws cannot be exploited through email in
  the Thunderbird and SeaMonkey products because scripting is
  disabled, but are potentially a risk in browser or
  browser-like contexts in those products. References

  CVE-2012-0443: Ben Hawkes, Christian Holler, Honza Bombas,
  Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der
  Beken, and Bill McCloskey reported memory safety problems
  that were fixed in Firefox 10.

  CVE-2012-0442: Jesse Ruderman and Bob Clary reported memory
  safety problems that were fixed in both Firefox 10 and
  Firefox 3.6.26.


  MFSA 2012-02/CVE-2011-3670: For historical reasons Firefox
  has been generous in its interpretation of web addresses
  containing square brackets around the host. If this host
  was not a valid IPv6 literal address, Firefox attempted to
  interpret the host as a regular domain name. Gregory
  Fleischer reported that requests made using IPv6 syntax
  using XMLHttpRequest objects through a proxy may generate
  errors depending on proxy configuration for IPv6. The
  resulting error messages from the proxy may disclose
  sensitive data because Same-Origin Policy (SOP) will allow
  the XMLHttpRequest object to read these error messages,
  allowing user privacy to be eroded. Firefox now enforces
  RFC 3986 IPv6 literal syntax and that may break links
  written using the non-standard Firefox-only forms that were
  previously accepted.

  This was fixed previously for Firefox 7.0, Thunderbird 7.0,
  and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and
  Thunderbird 3.1.18 during 2012.


  MFSA 2012-03/CVE-2012-0445: Alex Dvorov reported that an
  attacker could replace a sub-frame in another domain's
  document by using the name attribute of the sub-frame as a
  form submission target. This can potentially allow for
  phishing attacks against users and violates the HTML5 frame
  navigation policy.

  Firefox 3.6 and Thunderbird 3.1 are not affected by this
  vulnerability


  MFSA 2012-04/CVE-2011-3659: Security researcher regenrecht
  reported via TippingPoint's Zero Day Initiative that
  removed child nodes of nsDOMAttribute can be accessed under
  certain circumstances because of a premature notification
  of AttributeChildRemoved. This use-after-free of the child
  nodes could possibly allow for for remote code execution.

  MFSA 2012-05/CVE-2012-0446: Mozilla security researcher
  moz_bug_r_a4 reported that frame scripts bypass XPConnect
  security checks when calling untrusted objects. This allows
  for cross-site scripting (XSS) attacks through web pages
  and Firefox extensions. The fix enables the Script Security
  Manager (SSM) to force security checks on all frame scripts.

  Firefox 3.6 and Thunderbird 3.1 are not affected by this
  vulnerability


  MFSA 2012-06/CVE-2012-0447: Mozilla developer Tim Abraldes
  reported that when encoding images as
  image/vnd.microsoft.icon the resulting data was always a
  fixed size, with uninitialized memory appended as padding
  beyond the size of the actual image. This is the result of
  mImageBufferSize in the encoder being initialized with a
  value different than the size of the source image. There is
  the possibility of sensitive data from uninitialized memory
  being appended to a PNG image when converted fron an ICO
  format image. This sensitive data may then be disclosed in
  the resulting image.

  Firefox 3.6 and Thunderbird 3.1 are not affected by this
  vulnerability


  MFSA 2012-07/CVE-2012-0444: Security researcher regenrecht
  reported via TippingPoint's Zero Day Initiative the
  possibility of memory corruption during the decoding of Ogg
  Vorbis files. This can cause a crash during decoding and
  has the potential for remote code execution.


  MFSA 2012-08/CVE-2012-0449: Security researchers Nicolas
  Gregoire and Aki Helin independently reported that when
  processing a malformed embedded XSLT stylesheet, Firefox
  can crash due to a memory corruption. While there is no
  evidence that this is directly exploitable, there is a
  possibility of remote code execution.

  MFSA 2012-09/CVE-2012-0450: magicant starmen reported that
  if a user chooses to export their Firefox Sync key the
  "Firefox Recovery Key.html" file is saved with incorrect
  permissions, making the file contents potentially readable
  by other users on Linux and OS X systems.

  Firefox 3.6 is not affected by this vulnerability.


Special Instructions and Notes:

  Please reboot the system after installing this update.This
  update triggers a restart of the software management stack.
  More updates will be available for installation after
  applying this update and restarting the application. This
  update triggers a restart of the software management stack.
  More updates will be available for installation after
  applying this update and restarting the application.

Patch Instructions:

  To install this openSUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - openSUSE 11.4:

     zypper in -t patch MozillaFirefox-5750 MozillaThunderbird-5751 mozilla-js192-5749 seamonkey-5768

  To bring your system up-to-date, use "zypper patch".


Package List:

  - openSUSE 11.4 (i586 x86_64) [New Version: 1.9.2.26,10.0,2.7 and 3.1.18]:

     MozillaFirefox-10.0-0.2.1
     MozillaFirefox-branding-upstream-10.0-0.2.1
     MozillaFirefox-buildsymbols-10.0-0.2.1
     MozillaFirefox-devel-10.0-0.2.1
     MozillaFirefox-translations-common-10.0-0.2.1
     MozillaFirefox-translations-other-10.0-0.2.1
     MozillaThunderbird-3.1.18-0.23.1
     MozillaThunderbird-buildsymbols-3.1.18-0.23.1
     MozillaThunderbird-devel-3.1.18-0.23.1
     MozillaThunderbird-translations-common-3.1.18-0.23.1
     MozillaThunderbird-translations-other-3.1.18-0.23.1
     enigmail-1.1.2+3.1.18-0.23.1
     mozilla-js192-1.9.2.26-0.2.1
     mozilla-xulrunner192-1.9.2.26-0.2.1
     mozilla-xulrunner192-buildsymbols-1.9.2.26-0.2.1
     mozilla-xulrunner192-devel-1.9.2.26-0.2.1
     mozilla-xulrunner192-gnome-1.9.2.26-0.2.1
     mozilla-xulrunner192-translations-common-1.9.2.26-0.2.1
     mozilla-xulrunner192-translations-other-1.9.2.26-0.2.1
     seamonkey-2.7-0.2.1
     seamonkey-dom-inspector-2.7-0.2.1
     seamonkey-irc-2.7-0.2.1
     seamonkey-translations-common-2.7-0.2.1
     seamonkey-translations-other-2.7-0.2.1
     seamonkey-venkman-2.7-0.2.1

  - openSUSE 11.4 (x86_64) [New Version: 1.9.2.26]:

     mozilla-js192-32bit-1.9.2.26-0.2.1
     mozilla-xulrunner192-32bit-1.9.2.26-0.2.1
     mozilla-xulrunner192-gnome-32bit-1.9.2.26-0.2.1
     mozilla-xulrunner192-translations-common-32bit-1.9.2.26-0.2.1
     mozilla-xulrunner192-translations-other-32bit-1.9.2.26-0.2.1


References:

  https://bugzilla.novell.com/744275
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.