SuSE: New Firefox packages fix security vulnerabilities

MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Security researcher James Forshaw found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla’s updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable.

Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy’s (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure.

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed.

Security researcher Abhishek Arya used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable.

Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0746-1
Rating:             important
References:         #765204 
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11 SP2
                   SUSE Linux Enterprise Software Development Kit 11 SP1
                   SUSE Linux Enterprise Server 11 SP2
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise Server 10 SP4
                   SUSE Linux Enterprise Desktop 11 SP2
                   SUSE Linux Enterprise Desktop 11 SP1
                   SUSE Linux Enterprise Desktop 10 SP4
                   SLE SDK 10 SP4
______________________________________________________________________________

  An update that contains security fixes can now be
  installed. It includes three new package versions.

Description:


  MozillaFirefox has been updated to 10.0.5ESR fixing various
  bugs and security issues.

  *

  MFSA 2012-34 Mozilla developers identified and fixed
  several memory safety bugs in the browser engine used in
  Firefox and other Mozilla-based products. Some of these
  bugs showed evidence of memory corruption under certain
  circumstances, and we presume that with enough effort at
  least some of these could be exploited to run arbitrary
  code.

  In general these flaws cannot be exploited through
  email in the Thunderbird and SeaMonkey products because
  scripting is disabled, but are potentially a risk in
  browser or browser-like contexts in those products.

  References

  Jesse Ruderman, Igor Bukanov, Bill McCloskey,
  Christian Holler, Andrew McCreight, and Brian Bondy
  reported memory safety problems and crashes that affect
  Firefox 12. (CVE-2012-1938)

  Christian Holler reported a memory safety problem
  that affects Firefox ESR. (CVE-2012-1939)

  Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse
  Ruderman reported memory safety problems and crashes that
  affect Firefox ESR and Firefox 13. (CVE-2012-1937)

  Ken Russell of Google reported a bug in NVIDIA
  graphics drivers that they needed to work around in the
  Chromium WebGL implementation. Mozilla has done the same in
  Firefox 13 and ESR 10.0.5. (CVE-2011-3101)

  *

  MFSA 2012-35 Security researcher James Forshaw of
  Context Information Security found two issues with the
  Mozilla updater and the Mozilla updater service introduced
  in Firefox 12 for Windows. The first issue allows Mozilla's
  updater to load a local DLL file in a privileged context.
  The updater can be called by the Updater Service or
  independently on systems that do not use the service. The
  second of these issues allows for the updater service to
  load an arbitrary local DLL file, which can then be run
  with the same system privileges used by the service. Both
  of these issues require local file system access to be
  exploitable.

  Possible Arbitrary Code Execution by Update Service
  (CVE-2012-1942)

  Updater.exe loads wsock32.dll from application directory
  (CVE-2012-1943)

  *

  MFSA 2012-36 Security researcher Adam Barth found
  that inline event handlers, such as onclick, were no longer
  blocked by Content Security Policy's (CSP) inline-script
  blocking feature. Web applications relying on this feature
  of CSP to protect against cross-site scripting (XSS) were
  not fully protected. (CVE-2012-1944)

  *

  MFSA 2012-37 Security researcher Paul Stone reported
  an attack where an HTML page hosted on a Windows share and
  then loaded could then load Windows shortcut files (.lnk)
  in the same share. These shortcut files could then link to
  arbitrary locations on the local file system of the
  individual loading the HTML page. That page could show the
  contents of these linked files or directories from the
  local file system in an iframe, causing information
  disclosure.

  This issue could potentially affect Linux machines
  with samba shares enabled. (CVE-2012-1945)

  *

  MFSA 2012-38 Security researcher Arthur Gerkis used
  the Address Sanitizer tool to find a use-after-free while
  replacing/inserting a node in a document. This
  use-after-free could possibly allow for remote code
  execution. (CVE-2012-1946)

  *

  MFSA 2012-39 Security researcher Kaspar Brand found a
  flaw in how the Network Security Services (NSS) ASN.1
  decoder handles zero length items. Effects of this issue
  depend on the field. One known symptom is an unexploitable
  crash in handling OCSP responses. NSS also mishandles
  zero-length basic constraints, assuming default values for
  some types that should be rejected as malformed. These
  issues have been addressed in NSS 3.13.4, which is now
  being used by Mozilla. (CVE-2012-0441)

  *

  MFSA 2012-40 Security researcher Abhishek Arya of
  Google used the Address Sanitizer tool to uncover several
  issues: two heap buffer overflow bugs and a use-after-free
  problem. The first heap buffer overflow was found in
  conversion from unicode to native character sets when the
  function fails. The use-after-free occurs in nsFrameList
  when working with column layout with absolute positioning
  in a container that changes size. The second buffer
  overflow occurs in nsHTMLReflowState when a window is
  resized on a page with nested columns and a combination of
  absolute and relative positioning. All three of these
  issues are potentially exploitable.

  Heap-buffer-overflow in utf16_to_isolatin1
  (CVE-2012-1947)

  Heap-use-after-free in nsFrameList::FirstChild
  (CVE-2012-1940)

  Heap-buffer-overflow in
  nsHTMLReflowState::CalculateHypotheticalBox, with nested
  multi-column, relative position, and absolute position
  (CVE-2012-1941)

  More information on security issues can be found on:
  http://www.mozilla.org/security/announce/


Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP2:

     zypper in -t patch sdksp1-MozillaFirefox-6425

  - SUSE Linux Enterprise Software Development Kit 11 SP1:

     zypper in -t patch sdksp1-MozillaFirefox-6425

  - SUSE Linux Enterprise Server 11 SP2:

     zypper in -t patch slessp1-MozillaFirefox-6425

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-MozillaFirefox-6425

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-MozillaFirefox-6425

  - SUSE Linux Enterprise Desktop 11 SP2:

     zypper in -t patch sledsp1-MozillaFirefox-6425

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-MozillaFirefox-6425

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-devel-4.9.1-0.5.1
     mozilla-nss-devel-3.13.5-0.4.2

  - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-devel-4.9.1-0.5.1
     mozilla-nss-devel-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:

     MozillaFirefox-10.0.5-0.3.6
     MozillaFirefox-translations-10.0.5-0.3.6
     libfreebl3-3.13.5-0.4.2
     mozilla-nspr-4.9.1-0.5.1
     mozilla-nss-3.13.5-0.4.2
     mozilla-nss-tools-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-32bit-3.13.5-0.4.2
     mozilla-nspr-32bit-4.9.1-0.5.1
     mozilla-nss-32bit-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-x86-3.13.5-0.4.2
     mozilla-nspr-x86-4.9.1-0.5.1
     mozilla-nss-x86-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:

     MozillaFirefox-10.0.5-0.3.6
     MozillaFirefox-translations-10.0.5-0.3.6
     libfreebl3-3.13.5-0.4.2
     mozilla-nspr-4.9.1-0.5.1
     mozilla-nss-3.13.5-0.4.2
     mozilla-nss-tools-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-32bit-3.13.5-0.4.2
     mozilla-nspr-32bit-4.9.1-0.5.1
     mozilla-nss-32bit-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:

     MozillaFirefox-10.0.5-0.3.6
     MozillaFirefox-translations-10.0.5-0.3.6
     libfreebl3-3.13.5-0.4.2
     mozilla-nspr-4.9.1-0.5.1
     mozilla-nss-3.13.5-0.4.2
     mozilla-nss-tools-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-32bit-3.13.5-0.4.2
     mozilla-nspr-32bit-4.9.1-0.5.1
     mozilla-nss-32bit-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-x86-3.13.5-0.4.2
     mozilla-nspr-x86-4.9.1-0.5.1
     mozilla-nss-x86-3.13.5-0.4.2

  - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-4.9.1-0.8.1
     mozilla-nspr-devel-4.9.1-0.8.1
     mozilla-nss-3.13.5-0.7.2
     mozilla-nss-devel-3.13.5-0.7.2
     mozilla-nss-tools-3.13.5-0.7.2

  - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x):

     MozillaFirefox-10.0.5-0.8.4
     MozillaFirefox-translations-10.0.5-0.8.4

  - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-32bit-4.9.1-0.8.1
     mozilla-nss-32bit-3.13.5-0.7.2

  - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-x86-4.9.1-0.8.1
     mozilla-nss-x86-3.13.5-0.7.2

  - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-64bit-4.9.1-0.8.1
     mozilla-nss-64bit-3.13.5-0.7.2

  - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:

     MozillaFirefox-10.0.5-0.3.6
     MozillaFirefox-translations-10.0.5-0.3.6
     libfreebl3-3.13.5-0.4.2
     mozilla-nspr-4.9.1-0.5.1
     mozilla-nss-3.13.5-0.4.2
     mozilla-nss-tools-3.13.5-0.4.2

  - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-32bit-3.13.5-0.4.2
     mozilla-nspr-32bit-4.9.1-0.5.1
     mozilla-nss-32bit-3.13.5-0.4.2

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.5,3.13.5 and 4.9.1]:

     MozillaFirefox-10.0.5-0.3.6
     MozillaFirefox-translations-10.0.5-0.3.6
     libfreebl3-3.13.5-0.4.2
     mozilla-nspr-4.9.1-0.5.1
     mozilla-nss-3.13.5-0.4.2
     mozilla-nss-tools-3.13.5-0.4.2

  - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 3.13.5 and 4.9.1]:

     libfreebl3-32bit-3.13.5-0.4.2
     mozilla-nspr-32bit-4.9.1-0.5.1
     mozilla-nss-32bit-3.13.5-0.4.2

  - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-4.9.1-0.8.1
     mozilla-nspr-devel-4.9.1-0.8.1
     mozilla-nss-3.13.5-0.7.2
     mozilla-nss-devel-3.13.5-0.7.2
     mozilla-nss-tools-3.13.5-0.7.2

  - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.5 and 4.9.1]:

     mozilla-nspr-32bit-4.9.1-0.8.1
     mozilla-nss-32bit-3.13.5-0.7.2

  - SUSE Linux Enterprise Desktop 10 SP4 (i586):

     MozillaFirefox-10.0.5-0.8.4
     MozillaFirefox-translations-10.0.5-0.8.4

  - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5]:

     mozilla-nss-tools-3.13.5-0.7.2

  - SLE SDK 10 SP4 (i586 ia64 ppc s390x):

     MozillaFirefox-branding-upstream-10.0.5-0.8.4


References:

  https://bugzilla.novell.com/765204
  http://download.novell.com/patch/finder/?keywords=07d017248ab36079da2d7b88d9bc2d80
  http://download.novell.com/patch/finder/?keywords=17a6ba181710949a9ded0279ec9b1ffb
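
A post-update check against the SUSE Linux Enterprise Server/Desktop 11 SP1 and SP2 package versions listed above, as an added example that is not part of the SUSE announcement. The function names, the sample inventory and the use of GNU `sort -V` as a stand-in for rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example (not part of the SUSE advisory): flag packages still below the
# fixed versions listed for SUSE Linux Enterprise Server/Desktop 11 SP1 and SP2.

# Fixed version-release per package, copied from the Package List above.
FIXED='MozillaFirefox 10.0.5-0.3.6
MozillaFirefox-translations 10.0.5-0.3.6
libfreebl3 3.13.5-0.4.2
mozilla-nspr 4.9.1-0.5.1
mozilla-nss 3.13.5-0.4.2
mozilla-nss-tools 3.13.5-0.4.2'

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU "sort -V" approximates rpm's version ordering; that is
# adequate for the purely numeric dotted versions in this advisory.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: read "name version-release" lines on stdin (the format
# produced by the rpm query shown at the bottom) and print those below FIXED.
outdated_packages() {
    while read -r name installed; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue      # package not covered by this update
        if ver_lt "$installed" "$fixed"; then
            printf '%s %s < %s\n' "$name" "$installed" "$fixed"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
SAMPLE='MozillaFirefox 10.0.4-0.3.1
mozilla-nss 3.13.5-0.4.2
mozilla-nspr 4.9.0-0.3.1
bash 3.2-147.9.13'

# On a live system, feed real data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages
printf '%s\n' "$SAMPLE" | outdated_packages
```

Empty output means every covered package is at or above the fixed version; the 10 SP4 products use different release strings (for example 10.0.5-0.8.4) and need their own `FIXED` table.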