Lumension® Endpoint Intelligence Center

Overview

Id: SUSE-2013:7224
Name: Novell SUSE 2013:7224 firefox-201301 security update for SLE 11 SP2 x86_64
Vendor Name: novell
Product: None
Content Type: Critical
Language(s):
Operating System(s): Linux
Released On: 10 Jan 2013 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=9589e71e3266116ae59aa9d6e45add05

Description

LSAC(v2)
Mozilla Firefox was updated to the 10.0.12ESR release.

* MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
  o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769)
  o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749)
  o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770)

* MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional use-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release.

The following issue was fixed in Firefox 18:
  o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760)

The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12:
  o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762)
  o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766)
  o Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0767)

The following issues were fixed in Firefox 18 and ESR 17.0.1:
  o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack (CVE-2013-0761)
  o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763)
  o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771)

The following

Related Resources

Related Vulnerabilities

CVE-2012-5829   CVE-2013-0769   CVE-2013-0749   CVE-2013-0770   CVE-2013-0760   CVE-2013-0762   CVE-2013-0766   CVE-2013-0767   CVE-2013-0761   CVE-2013-0763   CVE-2013-0771   CVE-2013-0768   CVE-2013-0759   CVE-2013-0744   CVE-2013-0751   CVE-2013-0764   CVE-2013-0745   CVE-2013-0746   CVE-2013-0747   CVE-2013-0748   CVE-2013-0750   CVE-2013-0752   CVE-2013-0757   CVE-2013-0758   CVE-2013-0753   CVE-2013-0754   CVE-2013-0755   CVE-2013-0756  

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:16:20