Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2013:1678-1
HistoryNov 15, 2013 - 3:04 a.m.

Security update for Mozilla Firefox (important)

2013-11-1503:04:14
lists.opensuse.org
19

0.111 Low

EPSS

Percentile

94.6%

JSON

Mozilla Firefox has been updated to the 17.0.10ESR release,
which fixes various bugs and security issues:

MFSA 2013-93: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.

Jesse Ruderman and Christoph Diehl reported memory
safety problems and crashes that affect Firefox ESR 17,
Firefox ESR 24, and Firefox 24. (CVE-2013-5590)

Carsten Book reported a crash fixed in the NSS
library used by Mozilla-based products fixed in Firefox 25,
Firefox ESR 24.1, and Firefox ESR 17.0.10.(CVE-2013-1739)

MFSA 2013-95 / CVE-2013-5604: Security researcher
Abhishek Arya (Inferno) of the Google Chrome Security Team
used the Address Sanitizer tool to discover an access
violation due to uninitialized data during Extensible
Stylesheet Language Transformation (XSLT) processing. This
leads to a potentially exploitable crash.

MFSA 2013-96 / CVE-2013-5595: Compiler Engineer Dan
Gohman of Google discovered a flaw in the JavaScript engine
where memory was being incorrectly allocated for some
functions and the calls for allocations were not always
properly checked for overflow, leading to potential buffer
overflows. When combined with other vulnerabilities, these
flaws could be potentially exploitable.

MFSA 2013-98 / CVE-2013-5597: Security researcher
Byoungyoung Lee of Georgia Tech Information Security Center
(GTISC) used the Address Sanitizer tool to discover a
use-after-free during state change events while updating
the offline cache. This leads to a potentially exploitable
crash.

MFSA 2013-100: Security researcher Nils used the
Address Sanitizer tool while fuzzing to discover missing
strong references in browsing engine leading to
use-after-frees. This can lead to a potentially exploitable
crash.

o ASAN heap-use-after-free in
nsIPresShell::GetPresContext() with canvas, onresize and
mozTextStyle (CVE-2013-5599) o ASAN use-after-free in
nsIOService::NewChannelFromURIWithProxyFlags with Blob URL
(CVE-2013-5600) o ASAN use-after free in GC allocation in
nsEventListenerManager::SetEventHandler (CVE-2013-5601)
*

MFSA 2013-101 / CVE-2013-5602: Security researcher
Nils used the Address Sanitizer tool while fuzzing to
discover a memory corruption issue with the JavaScript
engine when using workers with direct proxies. This results
in a potentially exploitable crash.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit11.2s390xmozilla-nspr-devel< 4.10.1-0.3.1mozilla-nspr-devel-4.10.1-0.3.1.s390x.rpm
SUSE Linux Enterprise Server11.2ia64mozilla-nspr-x86< 4.10.1-0.3.1mozilla-nspr-x86-4.10.1-0.3.1.ia64.rpm
SUSE Linux Enterprise Server11.3s390xmozilla-nss< 3.15.2-0.8.1mozilla-nss-3.15.2-0.8.1.s390x.rpm
SUSE Linux Enterprise Server LTSS10.4i586mozilla-nss-devel< 3.15.2-0.5.1mozilla-nss-devel-3.15.2-0.5.1.i586.rpm
SUSE Linux Enterprise Server11.3ppc64mozillafirefox-translations< 17.0.10esr-0.7.4MozillaFirefox-translations-17.0.10esr-0.7.4.ppc64.rpm
SUSE Linux Enterprise Server LTSS11.1x86_64libfreebl3-32bit< 3.15.2-0.3.1libfreebl3-32bit-3.15.2-0.3.1.x86_64.rpm
SUSE Linux Enterprise Server for VMware11.3x86_64mozilla-nss-tools< 3.15.2-0.8.1mozilla-nss-tools-3.15.2-0.8.1.x86_64.rpm
SUSE Linux Enterprise Server11.3ppc64mozilla-nspr< 4.10.1-0.3.1mozilla-nspr-4.10.1-0.3.1.ppc64.rpm
SUSE Linux Enterprise Server LTSS11.1x86_64mozilla-nspr< 4.10.1-0.3.1mozilla-nspr-4.10.1-0.3.1.x86_64.rpm
SUSE Linux Enterprise Server for VMware11.3x86_64libsoftokn3-32bit< 3.15.2-0.8.1libsoftokn3-32bit-3.15.2-0.8.1.x86_64.rpm
Rows per page:
1-10 of 2631

Related

mageia 3
openvas 68
nessus 52
veracode 12
redhat 4
oraclelinux 4
centos 4
debian 5
ibm 2
ubuntu 3
freebsd 1
securityvulns 3
mozilla 6
suse 2
ubuntucve 9
cve 9
prion 9
debiancve 1
amazon 2
mageia
mageia
Updated firefox & related packages fix multiple security vulnerabilities
2013-11-09 22:55:13
Updated thunderbird package fixes security vulnerabilities
2013-11-18 18:39:59
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
openvas
openvas
Debian Security Advisory DSA 2797-1 (icedove - several vulnerabilities)
2013-11-13 00:00:00
CentOS Update for thunderbird CESA-2013:1480 centos6
2013-11-08 00:00:00
Mageia: Security Advisory (MGASA-2013-0326)
2022-01-28 00:00:00
nessus
nessus
Oracle Linux 6 : thunderbird (ELSA-2013-1480)
2013-10-31 00:00:00
Oracle Linux 5 / 6 : firefox (ELSA-2013-1476)
2013-10-30 00:00:00
SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 8545)
2013-11-17 00:00:00
veracode
veracode
Use After Free
2019-05-02 04:56:51
Stack-based Buffer Overflow
2019-05-02 04:56:51
Buffer Overflow
2019-05-02 04:56:49
redhat
redhat
(RHSA-2013:1476) Critical: firefox security update
2013-10-29 00:00:00
(RHSA-2013:1480) Important: thunderbird security update
2013-10-30 00:00:00
(RHSA-2013:1829) Important: nss, nspr, and nss-util security update
2013-12-12 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2013-10-30 00:00:00
firefox security update
2013-10-29 00:00:00
nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
centos
centos
thunderbird security update
2013-10-30 22:19:56
firefox, xulrunner security update
2013-10-30 04:12:01
nspr, nss security update
2013-12-13 00:04:31
debian
debian
[SECURITY] [DSA 2797-1] icedove security update
2013-11-13 21:45:22
[SECURITY] [DSA 2788-1] iceweasel security update
2013-10-31 08:27:05
[SECURITY] [DSA 2790-1] nss security update
2013-11-02 06:11:59
ibm
ibm
Security Bulletin: Mozilla firefox vulnerability issues on IBM Storwize V7000 Unified (CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604)
2018-06-18 00:07:38
Security Bulletin: Mozilla firefox vulnerability issues on SONAS (CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604)
2018-06-18 00:07:42
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-10-31 00:00:00
Firefox vulnerabilities
2013-10-29 00:00:00
NSS vulnerabilities
2013-11-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-10-29 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-11-05 00:00:00
Mozilla nss uninitialized memory dereference
2013-10-28 00:00:00
[ MDVSA-2013:257 ] nss
2013-10-28 00:00:00
mozilla
mozilla
Miscellaneous use-after-free issues found through ASAN fuzzing — Mozilla
2013-10-29 00:00:00
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) — Mozilla
2013-10-29 00:00:00
Memory corruption in workers — Mozilla
2013-10-29 00:00:00
suse
suse
Mozilla updates 10/2013 (important)
2013-11-07 11:04:15
Mozilla Suite: Update to October 2013 release (important)
2013-11-07 10:04:11
ubuntucve
ubuntucve
CVE-2013-5604
2013-10-29 00:00:00
CVE-2013-5602
2013-10-29 00:00:00
CVE-2013-5590
2013-10-29 00:00:00
cve
cve
CVE-2013-5604
2013-10-30 10:55:00
CVE-2013-5602
2013-10-30 10:55:00
CVE-2013-5595
2013-10-30 10:55:00
prion
prion
Memory corruption
2013-10-30 10:55:00
Buffer overflow
2013-10-30 10:55:00
Stack overflow
2013-10-30 10:55:00
debiancve
debiancve
CVE-2013-1739
2013-10-22 22:55:00
amazon
amazon
Important: nss
2013-12-17 21:31:00
Important: nspr
2013-12-17 21:31:00

0.111 Low

EPSS

Percentile

94.6%

JSON
Related for SUSE-SU-2013:1678-1
mageia3openvas68nessus52veracode12redhat4oraclelinux4centos4debian5ibm2ubuntu3freebsd1securityvulns3mozilla6suse2ubuntucve9cve9prion9debiancve1amazon2