Mozilla XULRunner: Security update to 1.9.2.15

Mozilla XULRunner was updated to version 1.9.2.15, picking up
the security fixes released with Firefox 3.5.17/3.6.14.

The following security issues were fixed: MFSA 2011-01: Mozilla
developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence
of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these
could be exploited to run arbitrary code.

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff
Walden, Henry Sivonen, Martijn Wargers, David Baron and
Marcia Knous reported memory safety problems that affected
Firefox 3.6 and Firefox 3.5. (CVE-2011-0053)

Igor Bukanov and Gary Kwong reported memory safety problems
that affected Firefox 3.6 only. (CVE-2011-0062)

MFSA 2011-02 / CVE-2011-0051: Security researcher Zach
Hoffman reported that a recursive call to eval() wrapped in
a try/catch statement places the browser into an
inconsistent state. Any dialog box opened in this state is
displayed without text and with non-functioning buttons.
Closing the window causes the dialog to evaluate to true.
An attacker could use this issue to force a user into
accepting any dialog, such as one granting elevated
privileges to the page presenting the dialog.

MFSA 2011-03 / CVE-2011-0055: Security researcher
regenrecht reported via TippingPoint's Zero Day Initiative
that a method used by JSON.stringify contained a
use-after-free error in which a currently in-use pointer
was freed and subsequently dereferenced. This could lead to
arbitrary code execution if an attacker was able to store
malicious code in the freed section of memory.

Mozilla developer Igor Bukanov also independently
discovered and reported this issue two weeks after the
initial report was received.

MFSA 2011-04 / CVE-2011-0054: Security researcher Christian
Holler reported that the JavaScript engine's internal
memory mapping of non-local JS variables contained a buffer
overflow which could potentially be used by an attacker to
run arbitrary code on a victim's computer.

MFSA 2011-05 / CVE-2011-0056: Security researcher Christian
Holler reported that the JavaScript engine's internal
mapping of string values contained an error in cases where
the number of values being stored was above 64K. In such
cases an offset pointer was manually moved forwards and
backwards to access the larger address space. If an
exception was thrown between the time that the offset
pointer was moved forward and the time it was reset, then
the exception object would be read from an invalid memory
address, potentially executing attacker-controlled memory.

MFSA 2011-06 / CVE-2011-0057: Daniel Kozlowski reported
that a JavaScript Worker could be used to keep a reference
to an object that could be freed during garbage collection.
Subsequent calls through this deleted reference could cause
attacker-controlled memory to be executed on a victim's
computer.

MFSA 2011-07 / CVE-2011-0058: Alex Miller reported that
when very long strings were constructed and inserted into
an HTML document, the browser would incorrectly construct
the layout objects used to display the text. Under such
conditions an incorrect length would be calculated for a
text run, resulting in too small a memory buffer being
allocated to store the text. This issue could be used by an
attacker to write data past the end of the buffer and
execute malicious code on a victim's computer. This issue
affects only Mozilla browsers on Windows.

MFSA 2011-08 / CVE-2010-1585: Mozilla security developer
Roberto Suggi Liverani reported that ParanoidFragmentSink,
a class used to sanitize potentially unsafe HTML for
display, allows javascript: URLs and other inline
JavaScript when the embedding document is a chrome
document. While there are no unsafe uses of this class in
any released products, extension code could have
potentially used it in an unsafe manner.
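The defect in MFSA 2011-08 is a sanitizer whose decision depends on the embedding context: the same fragment is scrubbed for a content page but lets javascript: URLs through for a chrome document. The check a fragment sanitizer needs is context-independent. The following is an added example, not ParanoidFragmentSink or any other Mozilla code; it assumes the sanitizer already works on a parsed attribute list (name/value pairs), and SAFE_SCHEMES, URL_ATTRIBUTES, isSafeUrl and filterAttributes are names chosen here. It also covers the whitespace and case tricks (leading tab, embedded tab, mixed case) that a naive prefix comparison against "javascript:" misses.

```javascript
// Added example (not Mozilla or ParanoidFragmentSink code): a context-independent
// scheme check for URL-bearing attributes in an HTML fragment sanitizer. The
// decision never consults where the fragment will be embedded (content page or
// chrome), so inline script cannot slip through in one context but not another.

const SAFE_SCHEMES = new Set(["http", "https", "mailto", "ftp"]);
const URL_ATTRIBUTES = new Set(["href", "src", "action", "formaction", "xlink:href"]);

// Browsers strip leading/trailing C0 controls and spaces and ignore embedded
// tab/LF/CR when parsing a URL, so "  JAVA\tscript:" still runs as javascript:.
// Normalise the same way before looking at the scheme.
function normalizeUrl(raw) {
  return String(raw)
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Allow relative URLs and an explicit allowlist of schemes; everything else
// (javascript:, data:, vbscript:, ...) is rejected.
function isSafeUrl(raw) {
  const url = normalizeUrl(raw);
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (m === null) return true;       // no scheme: relative URL
  return SAFE_SCHEMES.has(m[1].toLowerCase());
}

// Filter a parsed attribute list [[name, value], ...] for one element:
// drop event handlers (on*), drop style (url()/expression() vectors), and
// drop URL attributes whose value fails isSafeUrl. Other attributes pass.
function filterAttributes(attrs) {
  return attrs.filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n.startsWith("on")) return false;
    if (n === "style") return false;
    if (URL_ATTRIBUTES.has(n)) return isSafeUrl(value);
    return true;
  });
}

// Constructed input: attributes as a tree-based parser would hand them over.
const sample = [
  ["href", " \tJaVaScRiPt:alert(document.domain)"],
  ["onclick", "alert(1)"],
  ["title", "harmless"],
  ["src", "https://example.org/a.png"],
];
console.log(filterAttributes(sample));
```

The scheme test runs on the normalised string, so a value that a browser would execute as javascript: is rejected even when the raw attribute does not start with the literal "javascript:". Percent-encoded or otherwise mangled schemes fall into the relative-URL branch, which is what the browser does with them too.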

MFSA 2011-09 / CVE-2011-0061: Security researcher Jordi
Chancel reported that a JPEG image could be constructed
that would be decoded incorrectly, causing data to be
written past the end of a buffer created to store the
image. An attacker could potentially craft such an image
that would cause malicious code to be stored in memory and
then later executed on a victim's computer.

MFSA 2011-10 / CVE-2011-0059: Adobe security researcher
Peleus Uhley reported that when plugin-initiated requests
receive a 307 redirect response, the plugin is not notified
and the request is forwarded to the new location. This is
true even for cross-site redirects, so any custom headers
that were added as part of the initial request would be
forwarded intact across origins. This poses a CSRF risk for
web applications that rely on custom headers only being
present in requests from their own origin.

Fixed bugs
bnc#667155
VUL-0: MozillaFirefox 3.5.17/3.6.14
CVE#CVE-2011-0053
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and applicati
CVE#CVE-2011-0062
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar
CVE#CVE-2011-0051
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrat
CVE#CVE-2011-0055
Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js
CVE#CVE-2011-0054
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap"
CVE#CVE-2011-0056
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string valu
CVE#CVE-2011-0057
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage
CVE#CVE-2011-0058
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers constructi
CVE#CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome
CVE#CVE-2011-0061
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE#CVE-2011-0059
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and