[SUSE-SU-2015:0446-1] Security update for Mozilla Firefox
Severity: Moderate
Affected Packages: 14
CVEs: 24
Security update for Mozilla Firefox
This update to Firefox 17.0.9esr (bnc#840485) addresses:
* MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object
  o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
  o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735)
  o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
  o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
  o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
  o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
  o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
  o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
  o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
  o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705)
Security Issue references:
* CVE-2013-1737 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737>
* CVE-2013-1735 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735>
* CVE-2013-1736 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736>
* CVE-2013-1732 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732>
* CVE-2013-1730 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730>
* CVE-2013-1726 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726>
* CVE-2013-1725 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725>
* CVE-2013-1722 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722>
* CVE-2013-1718 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718>
* CVE-2013-1705 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705>
- ID: SUSE-SU-2015:0446-1
- Severity: moderate
- URL: https://www.suse.com/support/update/announcement/2015/suse-su-20150446-1/
- Published: 2013-09-19T11:00:29 (11 years ago)
- Modified: 2013-09-19T11:00:29 (11 years ago)
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- DSA-2735-1
- DSA-2746-1
- DSA-2759-1
- DSA-2762-1
- DSA-3174-1
- DSA-3179-1
- ELSA-2013-1140
- ELSA-2013-1142
- ELSA-2013-1268
- ELSA-2013-1269
- ELSA-2015-0265
- ELSA-2015-0266
- ELSA-2015-0642
- FREEBSD:0998E79D-0055-11E3-905B-0025905A4771
- FREEBSD:7DFED67B-20AA-11E3-B8D8-0025905A4771
- FREEBSD:99029172-8253-407D-9D8B-2CFEAB9ABF81
- GLSA-201309-23
- GLSA-201504-01
- RHSA-2013:1140
- RHSA-2013:1142
- RHSA-2013:1268
- RHSA-2013:1269
- RHSA-2015:0265
- RHSA-2015:0266
- RHSA-2015:0642
- SUSE-SU-2015:0412-1
- SUSE-SU-2015:0447-1
- USN-1924-1
- USN-1925-1
- USN-1951-1
- USN-1952-1
- USN-2505-1
- USN-2506-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sled-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sled-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=ppc64&distro=sles-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sles-11 | ppc64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=ia64&distro=sles-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sles-11 | ia64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sled-11&sp=3 | suse | MozillaFirefox | < 17.0.9esr-0.7.1 | sled-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sled-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sled-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sles-11 | ppc64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=ia64&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sles-11 | ia64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sled-11&sp=3 | suse | MozillaFirefox-translations | < 17.0.9esr-0.7.1 | sled-11 | i586 | |