Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.1004
Security update for Mozilla Firefox
6 October 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mozilla Firefox
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3000 CVE-2011-2999 CVE-2011-2996
CVE-2011-2995 CVE-2011-2372
Reference: ASB-2011.0083
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1096-1
Rating: important
References: #720264
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
SLE SDK 10 SP3
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes two new package versions.
Description:
Mozilla Firefox was updated to version 3.6.23, fixing
various bugs and security issues.
*
MFSA 2011-36: Mozilla developers identified and fixed
several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary
code.
In general these flaws cannot be exploited through
email in the Thunderbird and SeaMonkey products because
scripting is disabled,, but are potentially a risk in
browser or browser-like contexts in those products.
*
Benjamin Smedberg, Bob Clary, and Jesse Ruderman
reported memory safety problems that affected Firefox 3.6
and Firefox 6. (CVE-2011-2995)
*
Josh Aas reported a potential crash in the plugin API
that affected Firefox 3.6 only. (CVE-2011-2996)
*
MFSA 2011-37: Mark Kaplan reported a potentially
exploitable crash due to integer underflow when using a
large JavaScript RegExp expression. We would also like to
thank Mark for contributing the fix for this problem. (no
CVE yet)
*
MFSA 2011-38: Mozilla developer Boris Zbarsky
reported that a frame named "location" could shadow the
window.location object unless a script in a page grabbed a
reference to the true object before the frame was created.
Because some plugins use the value of window.location to
determine the page origin this could fool the plugin into
granting the plugin content access to another site or the
local file system in violation of the Same Origin Policy.
This flaw allows circumvention of the fix added for MFSA
2010-10. (CVE-2011-2999)
*
MFSA 2011-39: Ian Graham of Citrix Online reported
that when multiple Location headers were present in a
redirect response Mozilla behavior differed from other
browsers: Mozilla would use the second Location header
while Chrome and Internet Explorer would use the first. Two
copies of this header with different values could be a
symptom of a CRLF injection attack against a vulnerable
server. Most commonly it is the Location header itself that
is vulnerable to the response splitting and therefore the
copy preferred by Mozilla is more likely to be the
malicious one. It is possible, however, that the first copy
was the injected one depending on the nature of the server
vulnerability.
The Mozilla browser engine has been changed to treat
two copies of this header with different values as an error
condition. The same has been done with the headers
Content-Length and Content-Disposition. (CVE-2011-3000)
*
MFSA 2011-40: Mariusz Mlynski reported that if you
could convince a user to hold down the Enter key--as part
of a game or test, perhaps--a malicious page could pop up a
download dialog where the held key would then activate the
default Open action. For some file types this would be
merely annoying (the equivalent of a pop-up) but other file
types have powerful scripting capabilities. And this would
provide an avenue for an attacker to exploit a
vulnerability in applications not normally exposed to
potentially hostile internet content.
Holding enter allows arbitrary code execution due to
Download Manager (CVE-2011-2372)
Indications:
Please install this update.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-MozillaFirefox-5224
- SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-MozillaFirefox-5224
- SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-MozillaFirefox-5224
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-MozillaFirefox-5224
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-devel-1.9.2.23-1.2.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1
mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-gnome-x86-1.9.2.23-1.2.1
mozilla-xulrunner192-translations-x86-1.9.2.23-1.2.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 3.6.23]:
MozillaFirefox-3.6.23-0.3.1
MozillaFirefox-translations-3.6.23-0.3.1
mozilla-xulrunner192-1.9.2.23-1.2.1
mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
mozilla-xulrunner192-translations-1.9.2.23-1.2.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):
mozilla-xulrunner192-32bit-1.9.2.23-1.2.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.23 and 3.6.23]:
MozillaFirefox-3.6.23-0.3.1
MozillaFirefox-translations-3.6.23-0.3.1
mozilla-xulrunner192-1.9.2.23-1.2.1
mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
mozilla-xulrunner192-translations-1.9.2.23-1.2.1
- SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-32bit-1.9.2.23-1.2.1
- SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-x86-1.9.2.23-1.2.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-1.9.2.23-1.6.1
mozilla-xulrunner192-gnome-1.9.2.23-1.6.1
mozilla-xulrunner192-translations-1.9.2.23-1.6.1
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 3.6.23]:
MozillaFirefox-3.6.23-0.5.1
MozillaFirefox-translations-3.6.23-0.5.1
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-32bit-1.9.2.23-1.6.1
mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1
mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1
- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-1.9.2.23-1.6.1
mozilla-xulrunner192-gnome-1.9.2.23-1.6.1
mozilla-xulrunner192-translations-1.9.2.23-1.6.1
- SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.23]:
MozillaFirefox-3.6.23-0.5.1
MozillaFirefox-translations-3.6.23-0.5.1
- SUSE Linux Enterprise Server 10 SP3 (s390x x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-32bit-1.9.2.23-1.6.1
mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1
mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]:
MozillaFirefox-3.6.23-0.3.1
MozillaFirefox-translations-3.6.23-0.3.1
mozilla-xulrunner192-1.9.2.23-1.2.1
mozilla-xulrunner192-gnome-1.9.2.23-1.2.1
mozilla-xulrunner192-translations-1.9.2.23-1.2.1
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-32bit-1.9.2.23-1.2.1
mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1
mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-1.9.2.23-1.6.1
mozilla-xulrunner192-gnome-1.9.2.23-1.6.1
mozilla-xulrunner192-translations-1.9.2.23-1.6.1
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 1.9.2.23]:
mozilla-xulrunner192-32bit-1.9.2.23-1.6.1
mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1
mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.6.23]:
MozillaFirefox-3.6.23-0.5.1
MozillaFirefox-translations-3.6.23-0.5.1
- SLE SDK 10 SP4 (i586 ia64 ppc s390x):
MozillaFirefox-branding-upstream-3.6.23-0.5.1
- SLE SDK 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.23]:
MozillaFirefox-branding-upstream-3.6.23-0.5.1
References:
https://bugzilla.novell.com/720264
http://download.novell.com/patch/finder/?keywords=10c4cb33ededc2c321d18a148b90acfb
http://download.novell.com/patch/finder/?keywords=46722e64fe17eadd1ef21115efb414e0
http://download.novell.com/patch/finder/?keywords=8026ac2197f43942ee30e9d32864f793
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTo0Qwu4yVqjM2NGpAQKXbRAAlmvknwQRDYDPdVqei6vMq+OICJ0a9+sX
e8+ue3krsGVzNipJ5tWrqGj+ZpjlanXTyO/yoo3lNL+AkmDGgdsWjUTnwBoVJUD5
iIg2Hy+EzIWShJDTvuMOFGghBYIupMLMShXEGW7vVjHqhKhev/2+MEbwyNKNaB0f
1j2ni7EshRFZIje51Z4lptOXUdQo8psdLhfuofzBRIZt8rHX22ucQgW2rsx4Tnwn
Ruqm5SkQNDZhdz8OprCe6kGn95flwn1JooQw1+7CLA/OKnA5Z2mReaadyqRGk60g
Ja1cJiAqMXDZFRA+70QMzmFtA7GS2hccQpKujhPnnAYMArbOlcocBWDsRxwMSrSL
PTSjz8Z2UNxAfGilIlZhI+nJFi+wwln5npqTZXz/BEtIhk+KLY7yxX+p1EX77qU/
PsfvQP6Kv0cTec4XAvYqrAjBno8m+5HDWBGAb0vV5obGHfqN5iHBt56rOHZ/5LPQ
anx1Fq6mFhOdiHc5A3NLuDoz4BSw2X7uF1AhzMWFtIZ31Q93nFb1/hUmNdkyUQOS
q1hfDE+clxyQBVqsCZOL8bXuDndc5EHlonN0QnTglbxieO4GShM4FRd3sA20Xo3t
ShjvzdorU40cvIWwSpzkwgfQK3Sf3Uo0IHovx4hIta5hnzinqkJ/KO1L5xFJ0DYs
Z2S+XPa1nB0=
=J0f1
-----END PGP SIGNATURE-----