[SUSE-SU-2015:0447-1] Security update for Mozilla Firefox

Security update for Mozilla Firefox

* MFSA 2013-91 User-defined properties on DOM proxies get the wrong
  'this' object
      o (CVE-2013-1737)
* MFSA 2013-90 Memory corruption involving scrolling
      o use-after-free in mozilla::layout::ScrollbarActivity
        (CVE-2013-1735)
      o Memory corruption in nsGfxScrollFrameInner::IsLTR()
        (CVE-2013-1736)
* MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
      o buffer overflow at nsFloatManager::GetFlowArea() with multicol,
        list, floats (CVE-2013-1732)
* MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
      o compartment mismatch in nsXBLBinding::DoInitJSClass
        (CVE-2013-1730)
* MFSA 2013-83 Mozilla Updater does not lock MAR file after signature
  verification
      o MAR signature bypass in Updater could lead to downgrade
        (CVE-2013-1726)
* MFSA 2013-82 Calling scope for new Javascript objects can lead to
  memory corruption
      o ABORT: bad scope for new JSObjects: ReparentWrapper /
        document.open (CVE-2013-1725)
* MFSA 2013-79 Use-after-free in Animation Manager during stylesheet
  cloning
      o Heap-use-after-free in nsAnimationManager::BuildAnimations
        (CVE-2013-1722)
* MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 /
  rv:17.0.9)
      o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0
        (CVE-2013-1718)
* MFSA 2013-65 Buffer underflow when generating CRMF requests
      o ASAN heap-buffer-overflow (read 1) in
        cryptojs_interpret_key_gen_type (CVE-2013-1705)

* CVE-2013-1737
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737>
* CVE-2013-1735
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735>
* CVE-2013-1736
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736>
* CVE-2013-1732
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732>
* CVE-2013-1730
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730>
* CVE-2013-1726
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726>
* CVE-2013-1725
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725>
* CVE-2013-1722
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722>
* CVE-2013-1718
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718>
* CVE-2013-1705
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1705>

ID

SUSE-SU-2015:0447-1

Severity

moderate

URL

https://www.suse.com/support/update/announcement/2015/suse-su-20150447-1/

Published

2013-09-19T09:38:57
(11 years ago)

Modified

2013-09-19T09:38:57
(11 years ago)

Rights

Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories

• DSA-2735-1
• DSA-2746-1
• DSA-2759-1
• DSA-2762-1
• DSA-3174-1
• DSA-3179-1
• ELSA-2013-1140
• ELSA-2013-1142
• ELSA-2013-1268
• ELSA-2013-1269
• ELSA-2015-0265
• ELSA-2015-0266
• ELSA-2015-0642
• FREEBSD:0998E79D-0055-11E3-905B-0025905A4771
• FREEBSD:7DFED67B-20AA-11E3-B8D8-0025905A4771
• FREEBSD:99029172-8253-407D-9D8B-2CFEAB9ABF81
• GLSA-201309-23
• GLSA-201504-01
• RHSA-2013:1140
• RHSA-2013:1142
• RHSA-2013:1268
• RHSA-2013:1269
• RHSA-2015:0265
• RHSA-2015:0266
• RHSA-2015:0642
• SUSE-SU-2015:0412-1
• SUSE-SU-2015:0446-1
• USN-1924-1
• USN-1925-1
• USN-1951-1
• USN-1952-1
• USN-2505-1
• USN-2506-1