MozillaFirefox, MozillaThunderbird, mozilla-nss, seamonkey, xulrunner: June (important)

2012-06-1912:08:31

lists.opensuse.org

0.14 Low

EPSS

Percentile

95.1%

JSON

Changes in MozillaFirefox:

update to Firefox 13.0 (bnc#765204)

MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

require NSS 3.13.4

MFSA 2012-39/CVE-2012-0441 (bmo#715073)

fix sound notifications when filename/path contains a
whitespace (bmo#749739)
fix build on arm
reenabled crashreporter for Factory/12.2 (fix in
mozilla-gcc47.patch)

Changes in MozillaThunderbird:

update to Thunderbird 13.0 (bnc#765204)

MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

require NSS 3.13.4

MFSA 2012-39/CVE-2012-0441 (bmo#715073)

fix build with system NSPR (mozilla-system-nspr.patch)
add dependentlibs.list for improved XRE startup
update enigmail to 1.4.2
reenabled crashreporter for Factory/12.2 (fix in
mozilla-gcc47.patch)
update to Thunderbird 12.0.1

fix regressions

POP3 filters (bmo#748090)
Message Body not loaded when using "Fetch Headers
Only" (bmo#748865)
Received messages contain parts of other messages
with movemail account (bmo#748726)
New mail notification issue (bmo#748997)
crash in nsMsgDatabase::MatchDbName (bmo#748432)
fixed build with gcc 4.7

Changes in seamonkey:

update to Seamonkey 2.10 (bnc#765204)

MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

requires NSS 3.13.4

MFSA 2012-39/CVE-2012-0441 (bmo#715073)

update to Seamonkey 2.9.1

fix regressions

POP3 filters (bmo#748090)
Message Body not loaded when using "Fetch Headers
Only" (bmo#748865)
Received messages contain parts of other messages
with movemail account (bmo#748726)
New mail notification issue (bmo#748997)
crash in nsMsgDatabase::MatchDbName (bmo#748432)
fixed build with gcc 4.7

Changes in mozilla-nss:

update to 3.13.5 RTM
update to 3.13.4 RTM

fixed some bugs
fixed cert verification regression in PKIX mode
(bmo#737802) introduced in 3.13.2

Changes in xulrunner:

update to 13.0 (bnc#765204)

MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content
Security Policy inline-script bypass
MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information
disclosure though Windows file shares and shortcut files
MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free
while replacing/inserting a node in a document
MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using
Address Sanitizer

require NSS 3.13.4

MFSA 2012-39/CVE-2012-0441 (bmo#715073)

reenabled crashreporter for Factory/12.2 (fixed in
mozilla-gcc47.patch)

OSVersionArchitecturePackageVersionFilename
openSUSE11.4x86_64mozillathunderbird-devel< 13.0-21.2MozillaThunderbird-devel-13.0-21.2.x86_64.rpm
openSUSE12.1x86_64xulrunner-debuginfo< 13.0-2.29.2xulrunner-debuginfo-13.0-2.29.2.x86_64.rpm
openSUSE12.1i586mozilla-js< 13.0-2.29.2mozilla-js-13.0-2.29.2.i586.rpm
openSUSE12.1x86_64mozillafirefox-translations-other< 13.0-2.30.1MozillaFirefox-translations-other-13.0-2.30.1.x86_64.rpm
openSUSE11.4ia64mozilla-nss-sysinit-debuginfo-x86-debuginfo< 3.13.5-44.1mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-44.1.ia64.rpm
openSUSE12.1i586mozilla-nss-tools< 3.13.5-9.16.1mozilla-nss-tools-3.13.5-9.16.1.i586.rpm
openSUSE12.1i586chmsee-debugsource< 1.99.08-2.18.3chmsee-debugsource-1.99.08-2.18.3.i586.rpm
openSUSE11.4ia64libsoftokn3-x86< 3.13.5-44.1libsoftokn3-x86-3.13.5-44.1.ia64.rpm
openSUSE11.4i586seamonkey-debuginfo< 2.10-21.2seamonkey-debuginfo-2.10-21.2.i586.rpm
openSUSE12.1i586xulrunner-debugsource< 13.0-2.29.2xulrunner-debugsource-13.0-2.29.2.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	11.4	x86_64	mozillathunderbird-devel	< 13.0-21.2	MozillaThunderbird-devel-13.0-21.2.x86_64.rpm
openSUSE	12.1	x86_64	xulrunner-debuginfo	< 13.0-2.29.2	xulrunner-debuginfo-13.0-2.29.2.x86_64.rpm
openSUSE	12.1	i586	mozilla-js	< 13.0-2.29.2	mozilla-js-13.0-2.29.2.i586.rpm
openSUSE	12.1	x86_64	mozillafirefox-translations-other	< 13.0-2.30.1	MozillaFirefox-translations-other-13.0-2.30.1.x86_64.rpm
openSUSE	11.4	ia64	mozilla-nss-sysinit-debuginfo-x86-debuginfo	< 3.13.5-44.1	mozilla-nss-sysinit-debuginfo-x86-debuginfo-3.13.5-44.1.ia64.rpm
openSUSE	12.1	i586	mozilla-nss-tools	< 3.13.5-9.16.1	mozilla-nss-tools-3.13.5-9.16.1.i586.rpm
openSUSE	12.1	i586	chmsee-debugsource	< 1.99.08-2.18.3	chmsee-debugsource-1.99.08-2.18.3.i586.rpm
openSUSE	11.4	ia64	libsoftokn3-x86	< 3.13.5-44.1	libsoftokn3-x86-3.13.5-44.1.ia64.rpm
openSUSE	11.4	i586	seamonkey-debuginfo	< 2.10-21.2	seamonkey-debuginfo-2.10-21.2.i586.rpm
openSUSE	12.1	i586	xulrunner-debugsource	< 13.0-2.29.2	xulrunner-debugsource-13.0-2.29.2.i586.rpm