Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2012:8381

Overview

Id SUSE-2012:8381
Name Novell SUSE 2012:8381 firefox-20121121 security update for SLE 10 SP4 x86_64
Vendor Name novell
Product None
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 23 Nov 2012 12:00:00

SUSE-2012:8381

Novell SUSE 2012:8381 firefox-20121121 security update for SLE 10 SP4 x86_64

Vendor Name

novell

Product

None

Released On

23 Nov 2012 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=8f4e08deca5960ae494ddceeb6c10708

Description

LSAC(v2)
Mozilla Firefox has been updated to the 10.0.11 ESR security release, which fixes various bugs and security issues. * MFSA 2012-106: Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o use-after-free when loading html file on osx (CVE-2012-5830) o Mesa crashes on certain texImage2D calls involving level>0 (CVE-2012-5833) o integer overflow, invalid write w/webgl bufferdata (CVE-2012-5835) The following issues have been fixed in Firefox 17: o crash in copyTexImage2D with image dimensions too large for given level (CVE-2012-5838) * MFSA 2012-105: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that have been fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References The following issues have been fixed in Firefox 17 and ESR 10.0.11: o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-4214) o Heap-use-after-free in nsPlaintextEditor::FireClipboardEvent (CVE-2012-4215) o Heap-use-after-free in gfxFont::GetFontEntry (CVE-2012-4216) o Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) o heap-buffer-overflow in gfxShapedWord::CompressedGlyph::IsClusterStart o CVE-2012-5839 o Heap-use-after-free in nsTextEditorState::PrepareEditor (CVE-2012-5840) The following issues have been fixed in Firefox 17: o Heap-use-after-free in XPCWrappedNative::Mark (CVE-2012-4212) o Heap-use-after-free in nsEditor::FindNextLeafNode (CVE-2012-4213) o Heap-use-after-free in nsViewManager::ProcessPendingUpdates (CVE-2012-4217) o Heap-use-after-free BuildTextRunsScanner::BreakSink::SetBreaks (CVE-2012-4218) * MFSA 2012-104 / CVE-2012-4210: Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML a

Related Resources

Related Vulnerabilities

CVE-2012-5830   CVE-2012-5833   CVE-2012-5835   CVE-2012-5838   CVE-2012-4214   CVE-2012-4215   CVE-2012-4216   CVE-2012-5829   CVE-2012-5839   CVE-2012-5840   CVE-2012-4212   CVE-2012-4213   CVE-2012-4217   CVE-2012-4218   CVE-2012-4210   CVE-2012-4209   CVE-2012-5837   CVE-2012-4207   CVE-2012-5841   CVE-2012-4208   CVE-2012-4206   CVE-2012-4205   CVE-2012-4204   CVE-2012-4203   CVE-2012-5836   CVE-2012-4201   CVE-2012-4202   CVE-2012-5843   CVE-2012-5842  

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:15:51