Security update for Mozilla Firefox
SUSE Security Update: Security update for Mozilla Firefox
Mozilla Firefox has been updated to the 17.0.7 ESR version,
which fixes bugs and security issues.
*
MFSA 2013-49: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
Gary Kwong, Jesse Ruderman, and Andrew McCreight
reported memory safety problems and crashes that affect
Firefox ESR 17, and Firefox 21. (CVE-2013-1682)
*
MFSA 2013-50: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the
Address Sanitizer tool to discover a series of
use-after-free problems rated critical as security issues
in shipped software. Some of these issues are potentially
exploitable, allowing for remote code execution. We would
also like to thank Abhishek for reporting additional
use-after-free and buffer overflow flaws in code introduced
during Firefox development. These were fixed before general
release.
o Heap-use-after-free in
mozilla::dom::HTMLMediaElement::LookupMediaElementURITable
(CVE-2013-1684) o Heap-use-after-free in
nsIDocument::GetRootElement (CVE-2013-1685) o
Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
*
MFSA 2013-51 / CVE-2013-1687: Security researcher
Mariusz Mlynski reported that it is possible to compile a
user-defined function in the XBL scope of a specific
element and then trigger an event within this scope to run
code. In some circumstances, when this code is run, it can
access content protected by System Only Wrappers (SOW) and
chrome-privileged pages. This could potentially lead to
arbitrary code execution. Additionally, Chrome Object
Wrappers (COW) can be bypassed by web content to access
privileged methods, leading to a cross-site scripting (XSS)
attack from privileged pages.
*
MFSA 2013-53 / CVE-2013-1690: Security researcher
Nils reported that specially crafted web content using the
onreadystatechange event and reloading of pages could
sometimes cause a crash when unmapped memory is executed.
This crash is potentially exploitable.
*
MFSA 2013-54 / CVE-2013-1692: Security researcher
Johnathan Kuskos reported that Firefox is sending data in
the body of XMLHttpRequest (XHR) HEAD requests, which goes
agains the XHR specification. This can potentially be used
for Cross-Site Request Forgery (CSRF) attacks against sites
which do not distinguish between HEAD and POST requests.
*
MFSA 2013-55 / CVE-2013-1693: Security researcher
Paul Stone of Context Information Security discovered that
timing differences in the processing of SVG format images
with filters could allow for pixel values to be read. This
could potentially allow for text values to be read across
domains, leading to information disclosure.
*
MFSA 2013-59 / CVE-2013-1697: Mozilla security
researcher moz_bug_r_a4 reported that XrayWrappers can be
bypassed to call content-defined toString and valueOf
methods through DefaultValue. This can lead to unexpected
behavior when privileged code acts on the incorrect values.
Security Issue references:
* CVE-2013-1682
>
* CVE-2013-1684
>
* CVE-2013-1685
>
* CVE-2013-1686
>
* CVE-2013-1687
>
* CVE-2013-1690
>
* CVE-2013-1692
>
* CVE-2013-1693
>
* CVE-2013-1697
>
| Announcement ID: | SUSE-SU-2013:1153-1 |
| Rating: | important |
| References: | #825935 |
| Affected Products: |
An update that fixes 9 vulnerabilities is now available. It includes two new package versions.
Description:
Mozilla Firefox has been updated to the 17.0.7 ESR version,
which fixes bugs and security issues.
*
MFSA 2013-49: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
Gary Kwong, Jesse Ruderman, and Andrew McCreight
reported memory safety problems and crashes that affect
Firefox ESR 17, and Firefox 21. (CVE-2013-1682)
*
MFSA 2013-50: Security researcher Abhishek Arya
(Inferno) of the Google Chrome Security Team used the
Address Sanitizer tool to discover a series of
use-after-free problems rated critical as security issues
in shipped software. Some of these issues are potentially
exploitable, allowing for remote code execution. We would
also like to thank Abhishek for reporting additional
use-after-free and buffer overflow flaws in code introduced
during Firefox development. These were fixed before general
release.
o Heap-use-after-free in
mozilla::dom::HTMLMediaElement::LookupMediaElementURITable
(CVE-2013-1684) o Heap-use-after-free in
nsIDocument::GetRootElement (CVE-2013-1685) o
Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)
*
MFSA 2013-51 / CVE-2013-1687: Security researcher
Mariusz Mlynski reported that it is possible to compile a
user-defined function in the XBL scope of a specific
element and then trigger an event within this scope to run
code. In some circumstances, when this code is run, it can
access content protected by System Only Wrappers (SOW) and
chrome-privileged pages. This could potentially lead to
arbitrary code execution. Additionally, Chrome Object
Wrappers (COW) can be bypassed by web content to access
privileged methods, leading to a cross-site scripting (XSS)
attack from privileged pages.
*
MFSA 2013-53 / CVE-2013-1690: Security researcher
Nils reported that specially crafted web content using the
onreadystatechange event and reloading of pages could
sometimes cause a crash when unmapped memory is executed.
This crash is potentially exploitable.
*
MFSA 2013-54 / CVE-2013-1692: Security researcher
Johnathan Kuskos reported that Firefox is sending data in
the body of XMLHttpRequest (XHR) HEAD requests, which goes
agains the XHR specification. This can potentially be used
for Cross-Site Request Forgery (CSRF) attacks against sites
which do not distinguish between HEAD and POST requests.
*
MFSA 2013-55 / CVE-2013-1693: Security researcher
Paul Stone of Context Information Security discovered that
timing differences in the processing of SVG format images
with filters could allow for pixel values to be read. This
could potentially allow for text values to be read across
domains, leading to information disclosure.
*
MFSA 2013-59 / CVE-2013-1697: Mozilla security
researcher moz_bug_r_a4 reported that XrayWrappers can be
bypassed to call content-defined toString and valueOf
methods through DefaultValue. This can lead to unexpected
behavior when privileged code acts on the incorrect values.
Security Issue references:
* CVE-2013-1682
* CVE-2013-1684
* CVE-2013-1685
* CVE-2013-1686
* CVE-2013-1687
* CVE-2013-1690
* CVE-2013-1692
* CVE-2013-1693
* CVE-2013-1697
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-firefox-20130628-7976 - SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-firefox-20130628-7976 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS:
zypper in -t patch slessp1-firefox-20130628-7977 - SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-firefox-20130628-7977 - SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-firefox-20130628-7976
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 17.0.7esr]:
- MozillaFirefox-17.0.7esr-0.3.1
- MozillaFirefox-translations-17.0.7esr-0.3.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 17.0.7esr]:
- MozillaFirefox-17.0.7esr-0.3.1
- MozillaFirefox-branding-SLED-7-0.6.9.31
- MozillaFirefox-translations-17.0.7esr-0.3.1
- SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 17.0.7esr]:
- MozillaFirefox-17.0.7esr-0.3.1
- MozillaFirefox-translations-17.0.7esr-0.3.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 17.0.7esr and 7]:
- MozillaFirefox-17.0.7esr-0.3.1
- MozillaFirefox-branding-SLED-7-0.6.9.31
- MozillaFirefox-translations-17.0.7esr-0.3.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 17.0.7esr and 7]:
- MozillaFirefox-17.0.7esr-0.6.1
- MozillaFirefox-branding-SLED-7-0.10.28
- MozillaFirefox-translations-17.0.7esr-0.6.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 17.0.7esr]:
- MozillaFirefox-17.0.7esr-0.3.1
- MozillaFirefox-branding-SLED-7-0.6.9.31
- MozillaFirefox-translations-17.0.7esr-0.3.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 17.0.7esr and 7]:
- MozillaFirefox-17.0.7esr-0.6.1
- MozillaFirefox-branding-SLED-7-0.10.28
- MozillaFirefox-translations-17.0.7esr-0.6.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x):
- MozillaFirefox-branding-upstream-17.0.7esr-0.6.1
References:
- http://support.novell.com/security/cve/CVE-2013-1682.html
- http://support.novell.com/security/cve/CVE-2013-1684.html
- http://support.novell.com/security/cve/CVE-2013-1685.html
- http://support.novell.com/security/cve/CVE-2013-1686.html
- http://support.novell.com/security/cve/CVE-2013-1687.html
- http://support.novell.com/security/cve/CVE-2013-1690.html
- http://support.novell.com/security/cve/CVE-2013-1692.html
- http://support.novell.com/security/cve/CVE-2013-1693.html
- http://support.novell.com/security/cve/CVE-2013-1697.html
- https://bugzilla.novell.com/825935
- http://download.suse.com/patch/finder/?keywords=061026413fe3bb69a7f42e0b70363e4a
- http://download.suse.com/patch/finder/?keywords=1133af3aaf996a7684d227efbb12bd71
- http://download.suse.com/patch/finder/?keywords=7d0f6003f49140e3d5ad8c675f178612