
Update for Mozilla products

  • OS details: LSU
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Mozilla Firefox 27 release
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0212-1
Rating: important
References:
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

Mozilla Firefox was updated to version 27. Mozilla
Seamonkey was updated to 2.24, fixing similar issues as
Firefox 27. Mozilla Thunderbird was updated to 24.3.0,
fixing similar issues as Firefox 27.

The Firefox 27 release brings TLS 1.2 support as a major
security feature.

It also fixes the following security issues:
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous
memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected
content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection
timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use
of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information
disclosure with *FromPoint on iframes
* MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path
leaks to Android system log
* MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT
stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free
with imgRequestProxy and image processing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin
information leak through web workers
* MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default
start page UI content invokable by script
* MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when
using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545,
bmo#930874, bmo#930857) NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481 (bmo#936056) Inconsistent
JavaScript handling of access to Window objects

Mozilla NSS was updated to 3.15.4:
* required for Firefox 27
* regular CA root store update (1.96)
* Reordered the cipher suites offered in SSL/TLS client
hello messages to match modern best practices.
* Improved SSL/TLS false start. In addition to enabling
the SSL_ENABLE_FALSE_START option, an application must
now register a callback using the
SSL_SetCanFalseStartCallback function.
* Fixed an issue where, when false start is enabled,
libssl would sometimes return unencrypted,
unauthenticated data from PR_Recv
(CVE-2013-1740, bmo#919877)
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket
handling issues

New functionality:
* Implemented OCSP querying using the HTTP GET method,
which is the new default, and will fall back to the
HTTP POST method.
* Implemented OCSP server functionality for testing
purposes (httpserv utility).
* Support SHA-1 signatures with TLS 1.2 client
authentication.
* Added the --empty-password command-line option to
certutil, to be used with -N: use an empty password
when creating a new database.
* Added the -w command-line option to pp: don’t wrap long
output lines.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.1:

zypper in -t patch openSUSE-2014-119

– openSUSE 12.3:

zypper in -t patch openSUSE-2014-119

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.1 (i586 x86_64):

MozillaFirefox-27.0-8.1
MozillaFirefox-branding-upstream-27.0-8.1
MozillaFirefox-buildsymbols-27.0-8.1
MozillaFirefox-debuginfo-27.0-8.1
MozillaFirefox-debugsource-27.0-8.1
MozillaFirefox-devel-27.0-8.1
MozillaFirefox-translations-common-27.0-8.1
MozillaFirefox-translations-other-27.0-8.1
MozillaThunderbird-24.3.0-70.11.1
MozillaThunderbird-buildsymbols-24.3.0-70.11.1
MozillaThunderbird-debuginfo-24.3.0-70.11.1
MozillaThunderbird-debugsource-24.3.0-70.11.1
MozillaThunderbird-devel-24.3.0-70.11.1
MozillaThunderbird-translations-common-24.3.0-70.11.1
MozillaThunderbird-translations-other-24.3.0-70.11.1
enigmail-1.6.0+24.3.0-70.11.1
enigmail-debuginfo-1.6.0+24.3.0-70.11.1
libfreebl3-3.15.4-12.1
libfreebl3-debuginfo-3.15.4-12.1
libsoftokn3-3.15.4-12.1
libsoftokn3-debuginfo-3.15.4-12.1
mozilla-nss-3.15.4-12.1
mozilla-nss-certs-3.15.4-12.1
mozilla-nss-certs-debuginfo-3.15.4-12.1
mozilla-nss-debuginfo-3.15.4-12.1
mozilla-nss-debugsource-3.15.4-12.1
mozilla-nss-devel-3.15.4-12.1
mozilla-nss-sysinit-3.15.4-12.1
mozilla-nss-sysinit-debuginfo-3.15.4-12.1
mozilla-nss-tools-3.15.4-12.1
mozilla-nss-tools-debuginfo-3.15.4-12.1
seamonkey-2.24-8.1
seamonkey-debuginfo-2.24-8.1
seamonkey-debugsource-2.24-8.1
seamonkey-dom-inspector-2.24-8.1
seamonkey-irc-2.24-8.1
seamonkey-translations-common-2.24-8.1
seamonkey-translations-other-2.24-8.1
seamonkey-venkman-2.24-8.1

– openSUSE 13.1 (x86_64):

libfreebl3-32bit-3.15.4-12.1
libfreebl3-debuginfo-32bit-3.15.4-12.1
libsoftokn3-32bit-3.15.4-12.1
libsoftokn3-debuginfo-32bit-3.15.4-12.1
mozilla-nss-32bit-3.15.4-12.1
mozilla-nss-certs-32bit-3.15.4-12.1
mozilla-nss-certs-debuginfo-32bit-3.15.4-12.1
mozilla-nss-debuginfo-32bit-3.15.4-12.1
mozilla-nss-sysinit-32bit-3.15.4-12.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.4-12.1

– openSUSE 12.3 (i586 x86_64):

MozillaFirefox-27.0-1.47.2
MozillaFirefox-branding-upstream-27.0-1.47.2
MozillaFirefox-buildsymbols-27.0-1.47.2
MozillaFirefox-debuginfo-27.0-1.47.2
MozillaFirefox-debugsource-27.0-1.47.2
MozillaFirefox-devel-27.0-1.47.2
MozillaFirefox-translations-common-27.0-1.47.2
MozillaFirefox-translations-other-27.0-1.47.2
MozillaThunderbird-24.3.0-61.39.2
MozillaThunderbird-buildsymbols-24.3.0-61.39.2
MozillaThunderbird-debuginfo-24.3.0-61.39.2
MozillaThunderbird-debugsource-24.3.0-61.39.2
MozillaThunderbird-devel-24.3.0-61.39.2
MozillaThunderbird-translations-common-24.3.0-61.39.2
MozillaThunderbird-translations-other-24.3.0-61.39.2
enigmail-1.6.0+24.3.0-61.39.2
enigmail-debuginfo-1.6.0+24.3.0-61.39.2
libfreebl3-3.15.4-1.28.1
libfreebl3-debuginfo-3.15.4-1.28.1
libsoftokn3-3.15.4-1.28.1
libsoftokn3-debuginfo-3.15.4-1.28.1
mozilla-nss-3.15.4-1.28.1
mozilla-nss-certs-3.15.4-1.28.1
mozilla-nss-certs-debuginfo-3.15.4-1.28.1
mozilla-nss-debuginfo-3.15.4-1.28.1
mozilla-nss-debugsource-3.15.4-1.28.1
mozilla-nss-devel-3.15.4-1.28.1
mozilla-nss-sysinit-3.15.4-1.28.1
mozilla-nss-sysinit-debuginfo-3.15.4-1.28.1
mozilla-nss-tools-3.15.4-1.28.1
mozilla-nss-tools-debuginfo-3.15.4-1.28.1
seamonkey-2.24-1.33.2
seamonkey-debuginfo-2.24-1.33.2
seamonkey-debugsource-2.24-1.33.2
seamonkey-dom-inspector-2.24-1.33.2
seamonkey-irc-2.24-1.33.2
seamonkey-translations-common-2.24-1.33.2
seamonkey-translations-other-2.24-1.33.2
seamonkey-venkman-2.24-1.33.2

– openSUSE 12.3 (x86_64):

libfreebl3-32bit-3.15.4-1.28.1
libfreebl3-debuginfo-32bit-3.15.4-1.28.1
libsoftokn3-32bit-3.15.4-1.28.1
libsoftokn3-debuginfo-32bit-3.15.4-1.28.1
mozilla-nss-32bit-3.15.4-1.28.1
mozilla-nss-certs-32bit-3.15.4-1.28.1
mozilla-nss-certs-debuginfo-32bit-3.15.4-1.28.1
mozilla-nss-debuginfo-32bit-3.15.4-1.28.1
mozilla-nss-sysinit-32bit-3.15.4-1.28.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.4-1.28.1
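
A check for whether a host already carries the builds listed above, as an added example that is not part of the openSUSE announcement. It compares an installed-package inventory against a subset of the openSUSE 13.1 package list; the inventory is a constructed sample, and the comparison is a simplified form of RPM's version ordering (no epoch, `~` or `^` handling).

```python
import re

# Fixed builds for openSUSE 13.1, copied from the package list above (subset).
FIXED_13_1 = {
    "MozillaFirefox": "27.0-8.1",
    "MozillaThunderbird": "24.3.0-70.11.1",
    "seamonkey": "2.24-8.1",
    "mozilla-nss": "3.15.4-12.1",
    "libfreebl3": "3.15.4-12.1",
    "libsoftokn3": "3.15.4-12.1",
}

def rpmvercmp(a, b):
    """Order two version or release strings segment by segment, RPM style."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory_text, fixed=FIXED_13_1):
    """Return {name: (installed, fixed)} for packages older than the advisory build."""
    stale = {}
    for line in inventory_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in fixed:
            name, installed = parts
            if evr_cmp(installed, fixed[name]) < 0:
                stale[name] = (installed, fixed[name])
    return stale

# Constructed sample in the shape of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """MozillaFirefox 26.0-4.2
MozillaThunderbird 24.3.0-70.11.1
mozilla-nss 3.15.3.1-8.1
libfreebl3 3.15.4-12.1
bash 4.2-68.1
"""

if __name__ == "__main__":
    for name, (have, need) in sorted(unpatched(SAMPLE).items()):
        print(f"{name}: installed {have}, advisory ships {need}")
```
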

References:


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Mozilla updates February 2014
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0213-1
Rating: important
References: #861847
Cross-References: CVE-2013-1740 CVE-2014-1477 CVE-2014-1478
CVE-2014-1479 CVE-2014-1481 CVE-2014-1482
CVE-2014-1486 CVE-2014-1487 CVE-2014-1490
CVE-2014-1491
Affected Products:
openSUSE 11.4
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

Updates for mozilla-nss (3.15.4), MozillaFirefox (24.3.0esr)
and MozillaThunderbird (24.3.0), including fixes for the
following issues:
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous
memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected
content with XBL scopes
* MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use
of discarded images by RasterImage
* MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free
with imgRequestProxy and image processing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin
information leak through web workers
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545,
bmo#930874, bmo#930857) NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481 (bmo#936056) Inconsistent
JavaScript handling of access to Window objects

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 11.4:

zypper in -t patch 2014-16

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 11.4 (i586 x86_64):

MozillaFirefox-24.3.0-99.1
MozillaFirefox-branding-upstream-24.3.0-99.1
MozillaFirefox-buildsymbols-24.3.0-99.1
MozillaFirefox-debuginfo-24.3.0-99.1
MozillaFirefox-debugsource-24.3.0-99.1
MozillaFirefox-devel-24.3.0-99.1
MozillaFirefox-translations-common-24.3.0-99.1
MozillaFirefox-translations-other-24.3.0-99.1
MozillaThunderbird-24.3.0-85.1
MozillaThunderbird-buildsymbols-24.3.0-85.1
MozillaThunderbird-debuginfo-24.3.0-85.1
MozillaThunderbird-debugsource-24.3.0-85.1
MozillaThunderbird-devel-24.3.0-85.1
MozillaThunderbird-translations-common-24.3.0-85.1
MozillaThunderbird-translations-other-24.3.0-85.1
enigmail-1.6.0+24.3.0-85.1
libfreebl3-3.15.4-78.1
libfreebl3-debuginfo-3.15.4-78.1
libsoftokn3-3.15.4-78.1
libsoftokn3-debuginfo-3.15.4-78.1
mozilla-nss-3.15.4-78.1
mozilla-nss-certs-3.15.4-78.1
mozilla-nss-certs-debuginfo-3.15.4-78.1
mozilla-nss-debuginfo-3.15.4-78.1
mozilla-nss-debugsource-3.15.4-78.1
mozilla-nss-devel-3.15.4-78.1
mozilla-nss-sysinit-3.15.4-78.1
mozilla-nss-sysinit-debuginfo-3.15.4-78.1
mozilla-nss-tools-3.15.4-78.1
mozilla-nss-tools-debuginfo-3.15.4-78.1

– openSUSE 11.4 (x86_64):

libfreebl3-32bit-3.15.4-78.1
libfreebl3-debuginfo-32bit-3.15.4-78.1
libsoftokn3-32bit-3.15.4-78.1
libsoftokn3-debuginfo-32bit-3.15.4-78.1
mozilla-nss-32bit-3.15.4-78.1
mozilla-nss-certs-32bit-3.15.4-78.1
mozilla-nss-certs-debuginfo-32bit-3.15.4-78.1
mozilla-nss-debuginfo-32bit-3.15.4-78.1
mozilla-nss-sysinit-32bit-3.15.4-78.1
mozilla-nss-sysinit-debuginfo-32bit-3.15.4-78.1

– openSUSE 11.4 (ia64):

libfreebl3-debuginfo-x86-3.15.4-78.1
libfreebl3-x86-3.15.4-78.1
libsoftokn3-debuginfo-x86-3.15.4-78.1
libsoftokn3-x86-3.15.4-78.1
mozilla-nss-certs-debuginfo-x86-3.15.4-78.1
mozilla-nss-certs-x86-3.15.4-78.1
mozilla-nss-debuginfo-x86-3.15.4-78.1
mozilla-nss-sysinit-debuginfo-x86-3.15.4-78.1
mozilla-nss-sysinit-x86-3.15.4-78.1
mozilla-nss-x86-3.15.4-78.1

References:

http://support.novell.com/security/cve/CVE-2013-1740.html
http://support.novell.com/security/cve/CVE-2014-1477.html
http://support.novell.com/security/cve/CVE-2014-1478.html
http://support.novell.com/security/cve/CVE-2014-1479.html
http://support.novell.com/security/cve/CVE-2014-1481.html
http://support.novell.com/security/cve/CVE-2014-1482.html
http://support.novell.com/security/cve/CVE-2014-1486.html
http://support.novell.com/security/cve/CVE-2014-1487.html
http://support.novell.com/security/cve/CVE-2014-1490.html
http://support.novell.com/security/cve/CVE-2014-1491.html
https://bugzilla.novell.com/861847



Author: Tomislav Protega
CERT ID: NCERT-REF-2014-02-0010-ADV
CVE: CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1489 CVE-2014-1488 CVE-2014-1490 CVE-2014-1491 CVE-2014-1481 CVE-2013-1740
Source ID: openSUSE-SU-2014:0212-1 openSUSE-SU-2014:0213-1
Product: Mozilla
Source: http://www.suse.com