Articles / SuSE: New Firefox packages …

SuSE: New Firefox packages fix security vulnerability

MozillaFirefox was updated to 10.0.1 to fix a security issue. Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Updated packages are available from download.opensuse.org.

  SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0261-1
Rating:             critical
References:         #744625 #744629 #746616 
Cross-References:   CVE-2012-0452
Affected Products:
                   SUSE Linux Enterprise Server 11 SP1 for VMware
                   SUSE Linux Enterprise Server 11 SP1 FOR SP2
                   SUSE Linux Enterprise Server 11 SP1
                   SUSE Linux Enterprise Desktop 11 SP1 FOR SP2
                   SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

  An update that solves one vulnerability and has two fixes
  is now available. It includes one version update.

Description:


  MozillaFirefox was updated to 10.0.1 to fix critical bugs
  and security  issue.

  The following security issue has been fixed:

  CVE-2012-0452: Mozilla developers Andrew McCreight and Olli
  Pettay found  that ReadPrototypeBindings will leave a XBL
  binding in a hash table even  when the function fails. If
  this occurs, when the cycle collector reads  this hash
  table and attempts to do a virtual method on this binding a
  crash  will occur. This crash may be potentially
  exploitable.

  Firefox 9 and earlier are not affected by this
  vulnerability.

  https://www.mozilla.org/security/announce/2012/mfsa2012-10.h
  tml
  <https://www.mozilla.org/security/announce/2012/mfsa2012-10.
  html>

  Security Issues:

  * CVE-2012-0452
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452



Patch Instructions:

  To install this SUSE Security Update use YaST online_update.
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP1 for VMware:

     zypper in -t patch slessp1-MozillaFirefox-5807

  - SUSE Linux Enterprise Server 11 SP1 FOR SP2:

     zypper in -t patch slessp1fsp2-MozillaFirefox-5807

  - SUSE Linux Enterprise Server 11 SP1:

     zypper in -t patch slessp1-MozillaFirefox-5807

  - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2:

     zypper in -t patch sledsp1fsp2-MozillaFirefox-5807

  - SUSE Linux Enterprise Desktop 11 SP1:

     zypper in -t patch sledsp1-MozillaFirefox-5807

  To bring your system up-to-date, use "zypper patch".


Package List:

  - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.1]:

     MozillaFirefox-10.0.1-0.4.1
     MozillaFirefox-translations-10.0.1-0.4.1

  - SUSE Linux Enterprise Server 11 SP1 FOR SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.1]:

     MozillaFirefox-10.0.1-0.4.1
     MozillaFirefox-translations-10.0.1-0.4.1

  - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.1]:

     MozillaFirefox-10.0.1-0.4.1
     MozillaFirefox-translations-10.0.1-0.4.1

  - SUSE Linux Enterprise Desktop 11 SP1 FOR SP2 (i586 x86_64) [New Version: 10.0.1]:

     MozillaFirefox-10.0.1-0.4.1
     MozillaFirefox-translations-10.0.1-0.4.1
     mhtml-firefox-0.5-1.47.47.1

  - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.1]:

     MozillaFirefox-10.0.1-0.4.1
     MozillaFirefox-translations-10.0.1-0.4.1
     mhtml-firefox-0.5-1.47.47.1


References:

  http://support.novell.com/security/cve/CVE-2012-0452.html
  https://bugzilla.novell.com/744625
  https://bugzilla.novell.com/744629
  https://bugzilla.novell.com/746616
  http://download.novell.com/patch/finder/?keywords=0727d8a4f41b1fef19dc1e8e92fae922
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.