Mozilla updates 2013/12 (important)

2013-12-13T15:04:36
ID OPENSUSE-SU-2013:1871-1
Type suse
Reporter Suse
Modified 2013-12-13T15:04:36

Description

This patch contains * mozilla-nss 3.15.3.1 which includes a certstore update (1.95) to explicitely revoke AC DG Tresor SSL intermediate CA which was misused. * Firefox 24.2esr * Thunderbird 24.2 * Seamonkey 2.23

These updates fix several security issues:

  • CVE-2013-5611 Mozilla: Application Installation doorhanger persists on navigation (MFSA 2013-105)
  • CVE-2013-5609 Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
  • CVE-2013-5610 Mozilla: Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104)
  • CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)
  • CVE-2013-5614 Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
  • CVE-2013-5616 Mozilla: Use-after-free in event listeners (MFSA 2013-108)
  • CVE-2013-5619 Mozilla: Potential overflow in JavaScript binary search algorithms (MFSA 2013-110)
  • CVE-2013-6671 Mozilla: Segmentation violation when replacing ordered list elements (MFSA 2013-111)
  • CVE-2013-6673 Mozilla: Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113)
  • CVE-2013-5613 Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)
  • CVE-2013-5615 Mozilla: GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115)
  • CVE-2013-6672 Mozilla: Linux clipboard information disclosure though selection paste (MFSA 2013-112)
  • CVE-2013-5618 Mozilla: Use-after-free during Table Editing (MFSA 2013-109)