V-003: SUSE Update for MozillaFirefox - Critical

October 16, 2012 - 6:00am

PROBLEM:

SUSE update for MozillaFirefox

PLATFORM:

openSUSE 12.2
openSUSE 12.1
openSUSE 11.4

ABSTRACT:

An update that fixes 25 vulnerabilities is now available.

REFERENCE LINKS:

openSUSE-SU-2012:1345-1
Secunia Advisory SA50984
Bug 783533
CVE-2012-3982
CVE-2012-3983
CVE-2012-3984
CVE-2012-3985
CVE-2012-3986
CVE-2012-3988
CVE-2012-3989
CVE-2012-3990
CVE-2012-3991
CVE-2012-3992
CVE-2012-3993
CVE-2012-3994
CVE-2012-3995
CVE-2012-4179
CVE-2012-4180
CVE-2012-4182
CVE-2012-4183
CVE-2012-4184
CVE-2012-4185
CVE-2012-4186
CVE-2012-4187
CVE-2012-4188
CVE-2012-4191
CVE-2012-4192
CVE-2012-4193

IMPACT ASSESSMENT:

High

DISCUSSION:

SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities:

   * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards
   * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied
   * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards
   * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistence allows for attacks
   * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain
   * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks
   * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation
   * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator
   * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks
   * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins
   * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
   * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash
   * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out-of-bounds read issues found using Address Sanitizer
   * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer
   * MFSA 2012-87/CVE-2012-3990 (bmo#787704)

IMPACT:

The update fixes multiple vulnerabilities that malicious people can exploit to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

SOLUTION:

Apply updated packages via the zypper package manager.