Security update for Mozilla Firefox

SUSE Security Update: Security update for Mozilla Firefox
Announcement ID: SUSE-SU-2012:0746-1
Rating: important
References: #765204
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP2
  • SUSE Linux Enterprise Software Development Kit 11 SP1
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise Server 11 SP1 for VMware
  • SUSE Linux Enterprise Server 11 SP1
  • SUSE Linux Enterprise Server 10 SP4
  • SUSE Linux Enterprise Desktop 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP1
  • SUSE Linux Enterprise Desktop 10 SP4
  • SLE SDK 10 SP4

An update that contains security fixes can now be installed. It includes three new package versions.

    Description:


    MozillaFirefox has been updated to 10.0.5ESR fixing various
    bugs and security issues.

    * MFSA 2012-34: Mozilla developers identified and fixed
    several memory safety bugs in the browser engine used in
    Firefox and other Mozilla-based products. Some of these
    bugs showed evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at
    least some of these could be exploited to run arbitrary
    code.

    In general these flaws cannot be exploited through
    email in the Thunderbird and SeaMonkey products because
    scripting is disabled, but are potentially a risk in
    browser or browser-like contexts in those products.

    References:

    Jesse Ruderman, Igor Bukanov, Bill McCloskey,
    Christian Holler, Andrew McCreight, and Brian Bondy
    reported memory safety problems and crashes that affect
    Firefox 12. (CVE-2012-1938)

    Christian Holler reported a memory safety problem
    that affects Firefox ESR. (CVE-2012-1939)

    Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse
    Ruderman reported memory safety problems and crashes that
    affect Firefox ESR and Firefox 13. (CVE-2012-1937)

    Ken Russell of Google reported a bug in NVIDIA
    graphics drivers that they needed to work around in the
    Chromium WebGL implementation. Mozilla has done the same in
    Firefox 13 and ESR 10.0.5. (CVE-2011-3101)

    * MFSA 2012-35: Security researcher James Forshaw of
    Context Information Security found two issues with the
    Mozilla updater and the Mozilla updater service introduced
    in Firefox 12 for Windows. The first issue allows Mozilla's
    updater to load a local DLL file in a privileged context.
    The updater can be called by the Updater Service or
    independently on systems that do not use the service. The
    second of these issues allows for the updater service to
    load an arbitrary local DLL file, which can then be run
    with the same system privileges used by the service. Both
    of these issues require local file system access to be
    exploitable.

    Possible Arbitrary Code Execution by Update Service
    (CVE-2012-1942)

    Updater.exe loads wsock32.dll from application directory
    (CVE-2012-1943)

    * MFSA 2012-36: Security researcher Adam Barth found
    that inline event handlers, such as onclick, were no longer
    blocked by Content Security Policy's (CSP) inline-script
    blocking feature. Web applications relying on this feature
    of CSP to protect against cross-site scripting (XSS) were
    not fully protected. (CVE-2012-1944)

    * MFSA 2012-37: Security researcher Paul Stone reported
    an attack where an HTML page hosted on a Windows share and
    then loaded could then load Windows shortcut files (.lnk)
    in the same share. These shortcut files could then link to
    arbitrary locations on the local file system of the
    individual loading the HTML page. That page could show the
    contents of these linked files or directories from the
    local file system in an iframe, causing information
    disclosure.

    This issue could potentially affect Linux machines
    with Samba shares enabled. (CVE-2012-1945)

    * MFSA 2012-38: Security researcher Arthur Gerkis used
    the Address Sanitizer tool to find a use-after-free while
    replacing/inserting a node in a document. This
    use-after-free could possibly allow for remote code
    execution. (CVE-2012-1946)

    * MFSA 2012-39: Security researcher Kaspar Brand found a
    flaw in how the Network Security Services (NSS) ASN.1
    decoder handles zero length items. Effects of this issue
    depend on the field. One known symptom is an unexploitable
    crash in handling OCSP responses. NSS also mishandles
    zero-length basic constraints, assuming default values for
    some types that should be rejected as malformed. These
    issues have been addressed in NSS 3.13.4, which is now
    being used by Mozilla. (CVE-2012-0441)

    * MFSA 2012-40: Security researcher Abhishek Arya of
    Google used the Address Sanitizer tool to uncover several
    issues: two heap buffer overflow bugs and a use-after-free
    problem. The first heap buffer overflow was found in
    conversion from Unicode to native character sets when the
    function fails. The use-after-free occurs in nsFrameList
    when working with column layout with absolute positioning
    in a container that changes size. The second buffer
    overflow occurs in nsHTMLReflowState when a window is
    resized on a page with nested columns and a combination of
    absolute and relative positioning. All three of these
    issues are potentially exploitable.

    Heap-buffer-overflow in utf16_to_isolatin1
    (CVE-2012-1947)

    Heap-use-after-free in nsFrameList::FirstChild
    (CVE-2012-1940)

    Heap-buffer-overflow in
    nsHTMLReflowState::CalculateHypotheticalBox, with nested
    multi-column, relative position, and absolute position
    (CVE-2012-1941)

    More information on security issues can be found on:
    http://www.mozilla.org/security/announce/

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp1-MozillaFirefox-6425
    • SUSE Linux Enterprise Software Development Kit 11 SP1:
      zypper in -t patch sdksp1-MozillaFirefox-6425
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp1-MozillaFirefox-6425
    • SUSE Linux Enterprise Server 11 SP1 for VMware:
      zypper in -t patch slessp1-MozillaFirefox-6425
    • SUSE Linux Enterprise Server 11 SP1:
      zypper in -t patch slessp1-MozillaFirefox-6425
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp1-MozillaFirefox-6425
    • SUSE Linux Enterprise Desktop 11 SP1:
      zypper in -t patch sledsp1-MozillaFirefox-6425

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-devel-4.9.1-0.5.1
      • mozilla-nss-devel-3.13.5-0.4.2
    • SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-devel-4.9.1-0.5.1
      • mozilla-nss-devel-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5, 3.13.5 and 4.9.1]:
      • MozillaFirefox-10.0.5-0.3.6
      • MozillaFirefox-translations-10.0.5-0.3.6
      • libfreebl3-3.13.5-0.4.2
      • mozilla-nspr-4.9.1-0.5.1
      • mozilla-nss-3.13.5-0.4.2
      • mozilla-nss-tools-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-32bit-3.13.5-0.4.2
      • mozilla-nspr-32bit-4.9.1-0.5.1
      • mozilla-nss-32bit-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-x86-3.13.5-0.4.2
      • mozilla-nspr-x86-4.9.1-0.5.1
      • mozilla-nss-x86-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 10.0.5, 3.13.5 and 4.9.1]:
      • MozillaFirefox-10.0.5-0.3.6
      • MozillaFirefox-translations-10.0.5-0.3.6
      • libfreebl3-3.13.5-0.4.2
      • mozilla-nspr-4.9.1-0.5.1
      • mozilla-nss-3.13.5-0.4.2
      • mozilla-nss-tools-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-32bit-3.13.5-0.4.2
      • mozilla-nspr-32bit-4.9.1-0.5.1
      • mozilla-nss-32bit-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 10.0.5, 3.13.5 and 4.9.1]:
      • MozillaFirefox-10.0.5-0.3.6
      • MozillaFirefox-translations-10.0.5-0.3.6
      • libfreebl3-3.13.5-0.4.2
      • mozilla-nspr-4.9.1-0.5.1
      • mozilla-nss-3.13.5-0.4.2
      • mozilla-nss-tools-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-32bit-3.13.5-0.4.2
      • mozilla-nspr-32bit-4.9.1-0.5.1
      • mozilla-nss-32bit-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-x86-3.13.5-0.4.2
      • mozilla-nspr-x86-4.9.1-0.5.1
      • mozilla-nss-x86-3.13.5-0.4.2
    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-4.9.1-0.8.1
      • mozilla-nspr-devel-4.9.1-0.8.1
      • mozilla-nss-3.13.5-0.7.2
      • mozilla-nss-devel-3.13.5-0.7.2
      • mozilla-nss-tools-3.13.5-0.7.2
    • SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x):
      • MozillaFirefox-10.0.5-0.8.4
      • MozillaFirefox-translations-10.0.5-0.8.4
    • SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-32bit-4.9.1-0.8.1
      • mozilla-nss-32bit-3.13.5-0.7.2
    • SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-x86-4.9.1-0.8.1
      • mozilla-nss-x86-3.13.5-0.7.2
    • SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-64bit-4.9.1-0.8.1
      • mozilla-nss-64bit-3.13.5-0.7.2
    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 10.0.5, 3.13.5 and 4.9.1]:
      • MozillaFirefox-10.0.5-0.3.6
      • MozillaFirefox-translations-10.0.5-0.3.6
      • libfreebl3-3.13.5-0.4.2
      • mozilla-nspr-4.9.1-0.5.1
      • mozilla-nss-3.13.5-0.4.2
      • mozilla-nss-tools-3.13.5-0.4.2
    • SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-32bit-3.13.5-0.4.2
      • mozilla-nspr-32bit-4.9.1-0.5.1
      • mozilla-nss-32bit-3.13.5-0.4.2
    • SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 10.0.5, 3.13.5 and 4.9.1]:
      • MozillaFirefox-10.0.5-0.3.6
      • MozillaFirefox-translations-10.0.5-0.3.6
      • libfreebl3-3.13.5-0.4.2
      • mozilla-nspr-4.9.1-0.5.1
      • mozilla-nss-3.13.5-0.4.2
      • mozilla-nss-tools-3.13.5-0.4.2
    • SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 3.13.5 and 4.9.1]:
      • libfreebl3-32bit-3.13.5-0.4.2
      • mozilla-nspr-32bit-4.9.1-0.5.1
      • mozilla-nss-32bit-3.13.5-0.4.2
    • SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-4.9.1-0.8.1
      • mozilla-nspr-devel-4.9.1-0.8.1
      • mozilla-nss-3.13.5-0.7.2
      • mozilla-nss-devel-3.13.5-0.7.2
      • mozilla-nss-tools-3.13.5-0.7.2
    • SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 3.13.5 and 4.9.1]:
      • mozilla-nspr-32bit-4.9.1-0.8.1
      • mozilla-nss-32bit-3.13.5-0.7.2
    • SUSE Linux Enterprise Desktop 10 SP4 (i586):
      • MozillaFirefox-10.0.5-0.8.4
      • MozillaFirefox-translations-10.0.5-0.8.4
    • SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.13.5]:
      • mozilla-nss-tools-3.13.5-0.7.2
    • SLE SDK 10 SP4 (i586 ia64 ppc s390x):
      • MozillaFirefox-branding-upstream-10.0.5-0.8.4
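
    To confirm after patching that a host actually carries the fixed builds, the following added example (not part of the SUSE advisory) compares an RPM inventory against the SLE 11 SP1/SP2 versions in the Package List above. The function names and the sample inventory are constructed for illustration, and the comparison assumes GNU `sort -V`.

```shell
#!/bin/sh
# Added example: audit "name version-release" pairs against the fixed builds
# this advisory lists for SLES/SLED 11 SP1 and SP2.

# Fixed builds copied from the Package List above (SLE 11 SP1/SP2 rows).
FIXED='MozillaFirefox 10.0.5-0.3.6
libfreebl3 3.13.5-0.4.2
mozilla-nspr 4.9.1-0.5.1
mozilla-nss 3.13.5-0.4.2
mozilla-nss-tools 3.13.5-0.4.2'

# ver_ge A B: true when A >= B. Uses GNU `sort -V`, which agrees with RPM
# ordering for purely numeric version-release strings such as these
# (assumption: no epochs, tildes or letters in the versions compared).
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit: reads "name version-release" lines on stdin, prints one verdict per
# package the advisory covers, and returns non-zero if any is below the fix.
audit() {
    rc=0
    while read -r name have; do
        want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$want" ] || continue          # not covered by this advisory
        if ver_ge "$have" "$want"; then
            echo "OK       $name $have"
        else
            echo "OUTDATED $name $have (fixed in $want)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not taken from a real host).
SAMPLE='MozillaFirefox 10.0.4-0.7.1
mozilla-nss 3.13.5-0.4.2
mozilla-nspr 4.9.1-0.5.1
libfreebl3 3.13.4-0.2.1
bash 3.2-147.9.13'

printf '%s\n' "$SAMPLE" | audit || true
# Live host: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit
```

    The SLE 10 SP4 rows use different release numbers (for example 10.0.5-0.8.4), so the `FIXED` table has to be swapped for those products.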

    References:

  • https://bugzilla.novell.com/765204
  • http://download.suse.com/patch/finder/?keywords=07d017248ab36079da2d7b88d9bc2d80
  • http://download.suse.com/patch/finder/?keywords=17a6ba181710949a9ded0279ec9b1ffb