Lucene search

K
suseSuseOPENSUSE-SU-2012:1345-1
HistoryOct 15, 2012 - 3:08 p.m.

MozillaFirefox: update to Firefox 16.0.1 (important)

2012-10-1515:08:30
lists.opensuse.org
26

0.713 High

EPSS

Percentile

97.7%

The Mozilla suite received following security updates
(bnc#783533):

Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey
was updated to 2.13.1. Mozilla Thunderbird was updated to
16.0.1. Mozilla XULRunner was updated to 16.0.1.

  • MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous
    memory safety hazards
  • MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952,
    bmo#720619) defaultValue security checks not applied
  • MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous
    memory safety hazards
  • MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element
    persistance allows for attacks
  • MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued
    access to initial origin after setting document.domain
  • MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some
    DOMWindowUtils methods bypass security checks
  • MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash
    with full screen and history navigation
  • MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with
    invalid cast when using instanceof operator
  • MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty
    function can bypass security checks
  • MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and
    location property accessible by plugins
  • MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101,
    bmo#780370) Chrome Object Wrapper (COW) does not
    disallow acces to privileged functions or properties
  • MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and
    script injection through location.hash
  • MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
    CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
    Use-after-free, buffer overflow, and out of bounds read
    issues found using Address Sanitizer
  • MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
    CVE-2012-4188 Heap memory corruption issues found using
    Address Sanitizer
  • MFSA 2012-87/CVE-2012-3990 (bmo#787704)