Overview Details

File _patchinfo of Package patchinfo

<patchinfo>
  <issue id="825935" tracker="bnc">VUL-0: MozillaFirefox 22 security release</issue>
  <issue id="CVE-2013-1688" tracker="cve" />
  <issue id="CVE-2013-1683" tracker="cve" />
  <issue id="CVE-2013-1699" tracker="cve" />
  <issue id="CVE-2013-1698" tracker="cve" />
  <issue id="CVE-2013-1697" tracker="cve" />
  <issue id="CVE-2013-1684" tracker="cve" />
  <issue id="CVE-2013-1682" tracker="cve" />
  <issue id="CVE-2013-1694" tracker="cve" />
  <issue id="CVE-2013-1693" tracker="cve" />
  <issue id="CVE-2013-1692" tracker="cve" />
  <issue id="CVE-2013-1686" tracker="cve" />
  <issue id="CVE-2013-1685" tracker="cve" />
  <issue id="CVE-2013-1696" tracker="cve" />
  <issue id="CVE-2013-1687" tracker="cve" />
  <issue id="CVE-2013-1695" tracker="cve" />
  <issue id="CVE-2013-1690" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>wrosenauer</packager>
  <description>
MozillaFirefox was updated to Firefox 22.0 (bnc#825935)

Following security issues were fixed:
  * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
    Miscellaneous memory safety hazards
  * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
    Memory corruption found using Address Sanitizer
  * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
    Privileged content access and execution via XBL
  * MFSA 2013-52/CVE-2013-1688 (bmo#873966)
    Arbitrary code execution within Profiler
  * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
    Execution of unmapped memory through onreadystatechange event
  * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
    Data in the body of XHR HEAD requests leads to CSRF attacks
  * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
    SVG filters can lead to information disclosure
  * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
    PreserveWrapper has inconsistent behavior
  * MFSA 2013-57/CVE-2013-1695 (bmo#849791)
    Sandbox restrictions not applied to nested frame elements
  * MFSA 2013-58/CVE-2013-1696 (bmo#761667)
    X-Frame-Options ignored when using server push with multi-part
    responses
  * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
    XrayWrappers can be bypassed to run user defined methods in a
    privileged context
  * MFSA 2013-60/CVE-2013-1698 (bmo#876044)
    getUserMedia permission dialog incorrectly displays location
  * MFSA 2013-61/CVE-2013-1699 (bmo#840882)
    Homograph domain spoofing in .com, .net and .name
</description>
  <summary>MozillaFirefox: Update to Firefox 22.0 release</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places