Lucene search

K
suseSuseOPENSUSE-SU-2013:1634-1
HistoryNov 07, 2013 - 11:04 a.m.

Mozilla updates 10/2013 (important)

2013-11-0711:04:15
lists.opensuse.org
27
mozilla
security patches
cves
memory safety
nspr
thunderbird
firefox
enigmail

EPSS

0.105

Percentile

95.0%

Update NSPR to 4.10.1 Update Thunderbird to 24.1.0 (incl.
enigmail 1.6) Update Firefox to 24.1.0esr

Changes in MozillaFirefox:

  • requires NSS 3.15.2 or above
  • MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
    Miscellaneous memory safety hazards
  • MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing
    addressbar through SELECT element
  • MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access
    violation with XSLT and uninitialized data
  • MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly
    initialized memory and overflows in some JavaScript
    functions
  • MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to
    cycle collected object during image decoding
  • MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free
    when updating offline cache
  • MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass
    of PDF.js checks using iframes
  • MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
    (bmo#915210, bmo#915576, bmo#916685) Miscellaneous
    use-after-free issues found through ASAN fuzzing
  • MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory
    corruption in workers
  • MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free
    in HTML document templates

Changes in MozillaThunderbird:

  • requires NSS 3.15.2 or above
  • MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
    Miscellaneous memory safety hazards
  • MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing
    addressbar through SELECT element
  • MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access
    violation with XSLT and uninitialized data
  • MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly
    initialized memory and overflows in some JavaScript
    functions
  • MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to
    cycle collected object during image decoding
  • MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free
    when updating offline cache
  • MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
    (bmo#915210, bmo#915576, bmo#916685) Miscellaneous
    use-after-free issues found through ASAN fuzzing
  • MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory
    corruption in workers
  • MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free
    in HTML document templates
  • update to Thunderbird 24.0.1
  • fqdn for smtp server name was not accepted (bmo#913785)
  • fixed crash in PL_strncasecmp (bmo#917955)
  • update Enigmail to 1.6
  • The passphrase timeout configuration in Enigmail is now
    read and written from/to gpg-agent.
  • New dialog to change the expiry date of keys
  • New function to search for the OpenPGP keys of all
    Address Book entries on a keyserver
  • removed obsolete enigmail-build.patch

Changes in mozilla-nspr:

  • update to version 4.10.1
  • bmo#888273: RWIN Scaling (RFC1323) limited to 2 on
    Windows 7 and 8 (Windows only)
  • bmo#907512: Unix platforms shouldn’t mask errors
    specific to Unix domain sockets