SuSE: New Firefox packages fix security vulnerability

Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems. Josh Aas reported a potential crash in the plugin API. Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression.

Mozilla developer Boris Zbarsky reported that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response, Mozilla behavior differed from other browsers. Mariusz Mlynski reported that if you could convince a user to hold down the Enter key (as part of a game or test, perhaps), a malicious page could pop up a download dialog where the held key would then activate the default Open action.

Updated packages are available from download.opensuse.org.

  openSUSE Security Update: MozillaFirefox: Update to Firefox 3.6.23
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1079-1
Rating:             important
References:         #720264 
Cross-References:   CVE-2011-2372 CVE-2011-2995 CVE-2011-2996
                   CVE-2011-2999 CVE-2011-3000
Affected Products:
                   openSUSE 11.3
______________________________________________________________________________

  An update that fixes 5 vulnerabilities is now available. It
  includes two new package versions.

Description:

  Mozilla Firefox was updated to version 3.6.23, fixing
  various bugs and security issues.

  MFSA 2011-36: Mozilla developers identified and fixed
  several memory safety bugs in the browser engine used in
  Firefox and other Mozilla-based products. Some of these
  bugs showed evidence of memory corruption under certain
  circumstances, and we presume that with enough effort at
  least some of these could be exploited to run arbitrary
  code.

  In general these flaws cannot be exploited through email in
  the Thunderbird and SeaMonkey products because scripting is
  disabled, but are potentially a risk in browser or
  browser-like contexts in those products.

  Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported
  memory safety problems that affected Firefox 3.6 and
  Firefox 6. (CVE-2011-2995)

  Josh Aas reported a potential crash in the plugin API that
  affected Firefox 3.6 only. (CVE-2011-2996)

  MFSA 2011-37: Mark Kaplan reported a potentially
  exploitable crash due to integer underflow when using a
  large JavaScript RegExp expression. We would also like to
  thank Mark for contributing the fix for this problem. (no
  CVE yet)

  MFSA 2011-38: Mozilla developer Boris Zbarsky reported that
  a frame named "location" could shadow the window.location
  object unless a script in a page grabbed a reference to the
  true object before the frame was created. Because some
  plugins use the value of window.location to determine the
  page origin this could fool the plugin into granting the
  plugin content access to another site or the local file
  system in violation of the Same Origin Policy. This flaw
  allows circumvention of the fix added for MFSA 2010-10.
  (CVE-2011-2999)

  MFSA 2011-39: Ian Graham of Citrix Online reported that
  when multiple Location headers were present in a redirect
  response Mozilla behavior differed from other browsers:
  Mozilla would use the second Location header while Chrome
  and Internet Explorer would use the first. Two copies of
  this header with different values could be a symptom of a
  CRLF injection attack against a vulnerable server. Most
  commonly it is the Location header itself that is
  vulnerable to the response splitting and therefore the copy
  preferred by Mozilla is more likely to be the malicious
  one. It is possible, however, that the first copy was the
  injected one depending on the nature of the server
  vulnerability.

  The Mozilla browser engine has been changed to treat two
  copies of this header with different values as an error
  condition. The same has been done with the headers
  Content-Length and Content-Disposition. (CVE-2011-3000)
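
  The check described for MFSA 2011-39, as an added example that is
  not Mozilla's code and not part of the original advisory: it parses a
  raw response head and reports the three named headers when they
  repeat with different values. The function names and sample
  responses are assumptions constructed for illustration.

```python
# Headers the advisory says are now rejected when repeated with different values.
GUARDED = ("location", "content-length", "content-disposition")


def parse_header_lines(raw_head: bytes):
    """Yield (lowercased name, stripped value) for each header line."""
    text = raw_head.decode("iso-8859-1").replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]            # drop any body
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            yield name.strip().lower(), value.strip()


def conflicting_headers(raw_head: bytes):
    """Map each guarded header seen with more than one distinct value
    to those values, in arrival order."""
    seen = {}
    for name, value in parse_header_lines(raw_head):
        if name in GUARDED:
            values = seen.setdefault(name, [])
            if value not in values:
                values.append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}


def is_error_condition(raw_head: bytes) -> bool:
    """True when the response should be treated as an error, not followed."""
    return bool(conflicting_headers(raw_head))


# Constructed sample responses (not captured traffic).
SPLIT_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://www.example.com/account\r\n"
    b"Location: http://other.example/landing\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAME_TWICE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://www.example.com/account\r\n"
    b"Content-Length: 120\r\n"
    b"Content-Length: 120\r\n\r\n"
)
MIXED_CASE = b"HTTP/1.1 200 OK\r\nContent-length: 10\r\nCONTENT-LENGTH:  2000\r\n\r\nbody"

if __name__ == "__main__":
    for sample in (SPLIT_REDIRECT, SAME_TWICE, MIXED_CASE):
        print(is_error_condition(sample), conflicting_headers(sample))
```

  Identical repeats are not reported, matching the advisory's wording
  that only copies with different values are an error condition.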

  MFSA 2011-40: Mariusz Mlynski reported that if you could
  convince a user to hold down the Enter key--as part of a
  game or test, perhaps--a malicious page could pop up a
  download dialog where the held key would then activate the
  default Open action. For some file types this would be
  merely annoying (the equivalent of a pop-up) but other file
  types have powerful scripting capabilities. And this would
  provide an avenue for an attacker to exploit a
  vulnerability in applications not normally exposed to
  potentially hostile internet content.

  Holding enter allows arbitrary code execution due to
  Download Manager (CVE-2011-2372)


Patch Instructions:

  To install this openSUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - openSUSE 11.3:

     zypper in -t patch MozillaFirefox-5203

  To bring your system up-to-date, use "zypper patch".


Package List:

  - openSUSE 11.3 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]:

     MozillaFirefox-3.6.23-0.2.1
     MozillaFirefox-branding-upstream-3.6.23-0.2.1
     MozillaFirefox-translations-common-3.6.23-0.2.1
     MozillaFirefox-translations-other-3.6.23-0.2.1
     mozilla-js192-1.9.2.23-1.2.1
     mozilla-xulrunner192-1.9.2.23-1.2.1
     mozilla-xulrunner192-buildsymbols-1.9.2.23-1.2.1
     mozilla-xulrunner192-devel-1.9.2.23-1.2.1
     mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-common-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-other-1.9.2.23-1.2.1

  - openSUSE 11.3 (x86_64) [New Version: 1.9.2.23]:

     mozilla-js192-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-common-32bit-1.9.2.23-1.2.1
     mozilla-xulrunner192-translations-other-32bit-1.9.2.23-1.2.1


References:

  http://support.novell.com/security/cve/CVE-2011-2372.html
  http://support.novell.com/security/cve/CVE-2011-2995.html
  http://support.novell.com/security/cve/CVE-2011-2996.html
  http://support.novell.com/security/cve/CVE-2011-2999.html
  http://support.novell.com/security/cve/CVE-2011-3000.html
  https://bugzilla.novell.com/720264