Security update for Mozilla Firefox (critical)

2012-02-16T04:08:25
ID SUSE-SU-2012:0261-1
Type suse
Reporter Suse
Modified 2012-02-16T04:08:25

Description

MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue.

The following security issue has been fixed:

CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.

Firefox 9 and earlier are not affected by this vulnerability.

<a rel="nofollow" href="https://www.mozilla.org/security/announce/2012/mfsa2012-10.h">https://www.mozilla.org/security/announce/2012/mfsa2012-10.h</a> tml <<a rel="nofollow" href="https://www.mozilla.org/security/announce/2012/mfsa2012-10">https://www.mozilla.org/security/announce/2012/mfsa2012-10</a>. html>

Security Issues:

  • CVE-2012-0452 <<a rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452</a> >