SUSE Security Announcement: Mozilla suite (SUSE-SA:2010:056)
Posted on: 11/08/2010 12:27 PM

New Mozilla packages are available for openSUSE and SUSE Linux Enterprise


SUSE Security Announcement

Package: MozillaFirefox,seamonkey,MozillaThunderbird
Announcement ID: SUSE-SA:2010:056
Date: Mon, 08 Nov 2010 09:00:00 +0000
Affected Products: openSUSE 11.1
openSUSE 11.2
openSUSE 11.3
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Software Development Kit 11
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
Vulnerability Type: remote code execution
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
SUSE Default Package: yes
Cross-References: CVE-2010-2753, CVE-2010-2760, CVE-2010-2762
CVE-2010-2763, CVE-2010-2764, CVE-2010-2765
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768
CVE-2010-2769, CVE-2010-2770, CVE-2010-3131
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168
CVE-2010-3169, CVE-2010-3170, CVE-2010-3174
CVE-2010-3175, CVE-2010-3176, CVE-2010-3177
CVE-2010-3178, CVE-2010-3179, CVE-2010-3180
CVE-2010-3182, CVE-2010-3183, CVE-2010-3765
MFSA 2010-49, MFSA 2010-50, MFSA 2010-51
MFSA 2010-52, MFSA 2010-53, MFSA 2010-54
MFSA 2010-55, MFSA 2010-56, MFSA 2010-57
MFSA 2010-58, MFSA 2010-59, MFSA 2010-60
MFSA 2010-61, MFSA 2010-62, MFSA 2010-63
MFSA 2010-64, MFSA 2010-65, MFSA 2010-66
MFSA 2010-67, MFSA 2010-68, MFSA 2010-69
MFSA 2010-70, MFSA 2010-71, MFSA 2010-73

Content of This Advisory:
1) Security Vulnerability Resolved:
Mozilla suite security issues
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information


1) Problem Description and Brief Discussion

Various Mozilla suite components, including Firefox, were updated to
fix various bugs and security issues.

Mozilla Firefox was updated to version 3.6.12.
On SUSE Linux Enterprise 10 Service Pack 3, Mozilla Firefox was
updated to version 3.5.15.
Mozilla Seamonkey on openSUSE was updated to 2.0.10.
Mozilla Thunderbird on openSUSE was updated to 3.0.10.
Mozilla XULRunner 1.9.2 was updated to
Mozilla XULRunner 1.9.1 was updated to
Mozilla NSS was updated to 3.12.8.
Mozilla NSPR was updated to 4.8.6.

Those updates have been released over the last week, up to last Friday.

The following security issues were fixed:
MFSA 2010-64:
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code. References

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh
Soref reported memory safety problems that affected Firefox 3.6 and
Firefox 3.5.
* Memory safety bugs - Firefox 3.6, Firefox 3.5
* CVE-2010-3176

Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory
safety problems that affected Firefox 3.6 only.
* Memory safety bugs - Firefox 3.6
* CVE-2010-3175

MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller
reported that passing an excessively long string to document.write
could cause text rendering routines to end up in an inconsistent
state with sections of stack memory being overwritten with the string
data. An attacker could use this flaw to crash a victim's browser
and potentially run arbitrary code on their computer.

MFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov
reported that it was possible to access the locationbar property of
a window object after it had been closed. Since the closed window's
memory could have been subsequently reused by the system it was
possible that an attempt to access the locationbar property could
result in the execution of attacker-controlled memory.

MFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative that when
window.__lookupGetter__ is called with no arguments the code assumes
the top JavaScript stack value is a property name. Since there were
no arguments passed into the function, the top value could represent
uninitialized memory or a pointer to a previously freed JavaScript
object. Under such circumstances the value is passed to another
subroutine which calls through the dangling pointer, potentially
executing attacker-controlled memory.

MFSA 2010-68 / CVE-2010-3177: Google security researcher Robert
Swiecki reported that functions used by the Gopher parser to convert
text to HTML tags could be exploited to turn text into executable
JavaScript. If an attacker could create a file or directory on a
Gopher server with the encoded script as part of its name the script
would then run in a victim's browser within the context of the site.

MFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava
reported that if a web page opened a new window and used a javascript:
URL to make a modal call, such as alert(), then subsequently navigated
the page to a different domain, once the modal call returned the
opener of the window could get access to objects in the navigated
window. This is a violation of the same-origin policy and could be
used by an attacker to steal information from another web site.

MFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore
reported that when an SSL certificate was created with a common
name containing a wildcard followed by a partial IP address a valid
SSL connection could be established with a server whose IP address
matched the wildcard range by browsing directly to the IP address. It
is extremely unlikely that such a certificate would be issued by a
Certificate Authority.

MFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script
used to launch Mozilla applications on Linux was effectively including
the current working directory in the LD_LIBRARY_PATH environment
variable. If an attacker was able to place into the current working
directory a malicious shared library with the same name as a library
that the bootstrapping script depends on the attacker could have
their library loaded instead of the legitimate library.

MFSA 2010-73 / CVE-2010-3765: Morten Kråkvik of Telenor SOC reported
an exploit targeting particular versions of Firefox 3.6 on Windows
XP that Telenor found while investigating an intrusion attempt on a
customer network. The underlying vulnerability, however, was present
on both the Firefox 3.5 and Firefox 3.6 development branches and
affected all supported platforms.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please close and restart all running instances of Mozilla Firefox after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
"Online Update" module or the "zypper" commandline tool. The package and
patch management stack will detect which updates are required and
automatically perform the necessary steps to verify and install them.

Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv

to apply the update, replacing with the filename of the
downloaded RPM package.

x86 Platform:

openSUSE 11.3:

openSUSE 11.2:

openSUSE 11.1:

Power PC Platform:

openSUSE 11.1:

x86-64 Platform:

openSUSE 11.3:

openSUSE 11.2:

openSUSE 11.1:
Printed from Linux Compatible (