Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2011.1004 Security update for Mozilla Firefox 6 October 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mozilla Firefox Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2011-3000 CVE-2011-2999 CVE-2011-2996 CVE-2011-2995 CVE-2011-2372 Reference: ASB-2011.0083 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1096-1 Rating: important References: #720264 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 SLE SDK 10 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes two new package versions. Description: Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. * MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled,, but are potentially a risk in browser or browser-like contexts in those products. * Benjamin Smedberg, Bob Clary, and Jesse Ruderman reported memory safety problems that affected Firefox 3.6 and Firefox 6. (CVE-2011-2995) * Josh Aas reported a potential crash in the plugin API that affected Firefox 3.6 only. (CVE-2011-2996) * MFSA 2011-37: Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem. (no CVE yet) * MFSA 2011-38: Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10. (CVE-2011-2999) * MFSA 2011-39: Ian Graham of Citrix Online reported that when multiple Location headers were present in a redirect response Mozilla behavior differed from other browsers: Mozilla would use the second Location header while Chrome and Internet Explorer would use the first. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Most commonly it is the Location header itself that is vulnerable to the response splitting and therefore the copy preferred by Mozilla is more likely to be the malicious one. It is possible, however, that the first copy was the injected one depending on the nature of the server vulnerability. The Mozilla browser engine has been changed to treat two copies of this header with different values as an error condition. The same has been done with the headers Content-Length and Content-Disposition. (CVE-2011-3000) * MFSA 2011-40: Mariusz Mlynski reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content. Holding enter allows arbitrary code execution due to Download Manager (CVE-2011-2372) Indications: Please install this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-MozillaFirefox-5224 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-MozillaFirefox-5224 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-MozillaFirefox-5224 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-MozillaFirefox-5224 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-devel-1.9.2.23-1.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 1.9.2.23]: mozilla-xulrunner192-gnome-x86-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-x86-1.9.2.23-1.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 3.6.23]: MozillaFirefox-3.6.23-0.3.1 MozillaFirefox-translations-3.6.23-0.3.1 mozilla-xulrunner192-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-1.9.2.23-1.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): mozilla-xulrunner192-32bit-1.9.2.23-1.2.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.9.2.23 and 3.6.23]: MozillaFirefox-3.6.23-0.3.1 MozillaFirefox-translations-3.6.23-0.3.1 mozilla-xulrunner192-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-1.9.2.23-1.2.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-32bit-1.9.2.23-1.2.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 1.9.2.23]: mozilla-xulrunner192-x86-1.9.2.23-1.2.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-1.9.2.23-1.6.1 mozilla-xulrunner192-gnome-1.9.2.23-1.6.1 mozilla-xulrunner192-translations-1.9.2.23-1.6.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 3.6.23]: MozillaFirefox-3.6.23-0.5.1 MozillaFirefox-translations-3.6.23-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-32bit-1.9.2.23-1.6.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1 mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1 - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-1.9.2.23-1.6.1 mozilla-xulrunner192-gnome-1.9.2.23-1.6.1 mozilla-xulrunner192-translations-1.9.2.23-1.6.1 - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.23]: MozillaFirefox-3.6.23-0.5.1 MozillaFirefox-translations-3.6.23-0.5.1 - SUSE Linux Enterprise Server 10 SP3 (s390x x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-32bit-1.9.2.23-1.6.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1 mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.9.2.23 and 3.6.23]: MozillaFirefox-3.6.23-0.3.1 MozillaFirefox-translations-3.6.23-0.3.1 mozilla-xulrunner192-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-1.9.2.23-1.2.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.2.1 mozilla-xulrunner192-translations-32bit-1.9.2.23-1.2.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-1.9.2.23-1.6.1 mozilla-xulrunner192-gnome-1.9.2.23-1.6.1 mozilla-xulrunner192-translations-1.9.2.23-1.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 1.9.2.23]: mozilla-xulrunner192-32bit-1.9.2.23-1.6.1 mozilla-xulrunner192-gnome-32bit-1.9.2.23-1.6.1 mozilla-xulrunner192-translations-32bit-1.9.2.23-1.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.6.23]: MozillaFirefox-3.6.23-0.5.1 MozillaFirefox-translations-3.6.23-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-3.6.23-0.5.1 - SLE SDK 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.23]: MozillaFirefox-branding-upstream-3.6.23-0.5.1 References: https://bugzilla.novell.com/720264 http://download.novell.com/patch/finder/?keywords=10c4cb33ededc2c321d18a148b90acfb http://download.novell.com/patch/finder/?keywords=46722e64fe17eadd1ef21115efb414e0 http://download.novell.com/patch/finder/?keywords=8026ac2197f43942ee30e9d32864f793 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTo0Qwu4yVqjM2NGpAQKXbRAAlmvknwQRDYDPdVqei6vMq+OICJ0a9+sX e8+ue3krsGVzNipJ5tWrqGj+ZpjlanXTyO/yoo3lNL+AkmDGgdsWjUTnwBoVJUD5 iIg2Hy+EzIWShJDTvuMOFGghBYIupMLMShXEGW7vVjHqhKhev/2+MEbwyNKNaB0f 1j2ni7EshRFZIje51Z4lptOXUdQo8psdLhfuofzBRIZt8rHX22ucQgW2rsx4Tnwn Ruqm5SkQNDZhdz8OprCe6kGn95flwn1JooQw1+7CLA/OKnA5Z2mReaadyqRGk60g Ja1cJiAqMXDZFRA+70QMzmFtA7GS2hccQpKujhPnnAYMArbOlcocBWDsRxwMSrSL PTSjz8Z2UNxAfGilIlZhI+nJFi+wwln5npqTZXz/BEtIhk+KLY7yxX+p1EX77qU/ PsfvQP6Kv0cTec4XAvYqrAjBno8m+5HDWBGAb0vV5obGHfqN5iHBt56rOHZ/5LPQ anx1Fq6mFhOdiHc5A3NLuDoz4BSw2X7uF1AhzMWFtIZ31Q93nFb1/hUmNdkyUQOS q1hfDE+clxyQBVqsCZOL8bXuDndc5EHlonN0QnTglbxieO4GShM4FRd3sA20Xo3t ShjvzdorU40cvIWwSpzkwgfQK3Sf3Uo0IHovx4hIta5hnzinqkJ/KO1L5xFJ0DYs Z2S+XPa1nB0= =J0f1 -----END PGP SIGNATURE-----