Lucene search

K
suseSuseOPENSUSE-SU-2013:0323-1
HistoryFeb 22, 2013 - 2:04 p.m.

Mozilla: February 2013 update round (Firefox 19) (important)

2013-02-2214:04:25
lists.opensuse.org
16

EPSS

0.027

Percentile

90.6%

MozillaFirefox was updated to Firefox 19.0 (bnc#804248)
MozillaThunderbird was updated to Thunderbird 17.0.3
(bnc#804248) seamonkey was updated to SeaMonkey 2.16
(bnc#804248) xulrunner was updated to 17.0.3esr
(bnc#804248) chmsee was updated to version 2.0.

Changes in MozillaFirefox 19.0:

  • MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
    memory safety hazards
  • MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
    read in image rendering
  • MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
    objects can be wrapped again
  • MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
    bypass of COW and SOW security wrappers
  • MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
    JavaScript Workers
  • MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
    in nsImageLoadingContent
  • MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
    HTTPS connection through malicious proxy
  • MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
    CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
    Use-after-free, out of bounds read, and buffer overflow
    issues found using Address Sanitizer
  • removed obsolete patches
  • mozilla-webrtc.patch
  • mozilla-gstreamer-803287.patch
  • added patch to fix session restore window order
    (bmo#712763)

  • update to Firefox 18.0.2

  • blocklist and CTP updates
  • fixes in JS engine
  • update to Firefox 18.0.1
  • blocklist updates
  • backed out bmo#677092 (removed patch)
  • fixed problems involving HTTP proxy transactions
  • Fix WebRTC to build on powerpc

Changes in MozillaThunderbird:

  • update to Thunderbird 17.0.3 (bnc#804248)
  • MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
    hazards
  • MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
    bypass of COW and SOW security wrappers
  • MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
    JavaScript Workers
  • MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
    in nsImageLoadingContent
  • MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
    HTTPS connection through malicious proxy
  • MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
    Use-after-free, out of bounds read, and buffer overflow
    issues found using Address Sanitizer
  • update Enigmail to 1.5.1
  • The release fixes the regressions found in the past few
    weeks

Changes in seamonkey:

  • update to SeaMonkey 2.16 (bnc#804248)
  • MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous
    memory safety hazards
  • MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds
    read in image rendering
  • MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL
    objects can be wrapped again
  • MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
    bypass of COW and SOW security wrappers
  • MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
    JavaScript Workers
  • MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
    in nsImageLoadingContent
  • MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
    HTTPS connection through malicious proxy
  • MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
    CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
    Use-after-free, out of bounds read, and buffer overflow
    issues found using Address Sanitizer
  • removed obsolete patches
  • mozilla-webrtc.patch
  • mozilla-gstreamer-803287.patch
  • update to SeaMonkey 2.15.2
  • Applications could not be removed from the "Application
    details" dialog under Preferences, Helper Applications
    (bmo#826771).
  • View / Message Body As could show menu items out of
    context (bmo#831348)
  • update to SeaMonkey 2.15.1
  • backed out bmo#677092 (removed patch)
  • fixed problems involving HTTP proxy transactions
  • backed out restartless language packs as it broke
    multi-locale setup (bmo#677092, bmo#818468)

Changes in xulrunner:

  • update to 17.0.3esr (bnc#804248)
  • MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety
    hazards
  • MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content
    bypass of COW and SOW security wrappers
  • MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in
    JavaScript Workers
  • MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free
    in nsImageLoadingContent
  • MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on
    HTTPS connection through malicious proxy
  • MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
    Use-after-free, out of bounds read, and buffer overflow
    issues found using Address Sanitizer