-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss
        Announcement ID:        SUSE-SA:2010:021
        Date:                   Wed, 14 Apr 2010 15:00:00 +0000
        Affected Products:      openSUSE 11.0
                                openSUSE 11.1
                                openSUSE 11.2
                                SLE SDK 10 SP2
                                SLE SDK 10 SP3
                                SUSE Linux Enterprise Desktop 10 SP2
                                SUSE Linux Enterprise Desktop 10 SP3
                                SUSE Linux Enterprise Server 10 SP2
                                SUSE Linux Enterprise Server 10 SP3
                                SUSE Linux Enterprise Software Development Kit 11
                                SUSE Linux Enterprise Desktop 11
                                SUSE Linux Enterprise Server 11
        Vulnerability Type:     remote code execution
        CVSS v2 Base Score:     10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
        SUSE Default Package:   yes
        Cross-References:       CVE-2009-3555, CVE-2010-0173, CVE-2010-0174
                                CVE-2010-0175, CVE-2010-0176, CVE-2010-0177
                                CVE-2010-0178, CVE-2010-0179, CVE-2010-0181
                                CVE-2010-0182, MFSA 2010-16, MFSA 2010-17
                                MFSA 2010-18, MFSA 2010-19, MFSA 2010-20
                                MFSA 2010-21, MFSA 2010-22, MFSA 2010-23
                                MFSA 2010-24

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             Mozilla browsers and libraries security update
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The Mozilla Firefox browser was updated to version 3.5.9 fixing lots
   of bugs and security issues. On openSUSE 11.0 and 11.1 the browser
   was updated from the 3.0 branch to 3.5.9

   Also the Mozilla NSS libraries were updated to version 3.12.6 to fix
   the CVE-2009-3555 TLS renegotiation issue.

   Mozilla Thunderbird on openSUSE 11.2 was updated to 3.0.4 and Seamonkey
   2 was updated to 2.0.4.

   Following security issues were fixed:
   MFSA 2010-16: Mozilla developers identified and fixed several stability
   bugs in the browser engine used in Firefox and other Mozilla-based
   products. Some of these crashes showed evidence of memory corruption
   under certain circumstances, and we presume that with enough effort
   at least some of these could be exploited to run arbitrary code.
   References

   Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes
   in the browser engine that affected Firefox 3.5 and Firefox
   3.6. (CVE-2010-0173)

   Jesse Ruderman and Ehsan Akhgari reported crashes that affected all
   supported versions of the browser engine. (CVE-2010-0174)


   MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported
   via TippingPoint's Zero Day Initiative that a select event handler for
   XUL tree items could be called after the tree item was deleted. This
   results in the execution of previously freed memory which an attacker
   could use to crash a victim's browser and run arbitrary code on the
   victim's computer.


   MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported
   via TippingPoint's Zero Day Initiative an error in the way . In certain cases,
   the number of references to an

SuSE: 2010-021: Mozilla Firefox 3.5.9 Security Update

April 14, 2010
The Mozilla Firefox browser was updated to version 3.5.9 fixing lots The Mozilla Firefox browser was updated to version 3.5.9 fixing lots of bugs and security issues

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss
        Announcement ID:        SUSE-SA:2010:021
        Date:                   Wed, 14 Apr 2010 15:00:00 +0000
        Affected Products:      openSUSE 11.0
                                openSUSE 11.1
                                openSUSE 11.2
                                SLE SDK 10 SP2
                                SLE SDK 10 SP3
                                SUSE Linux Enterprise Desktop 10 SP2
                                SUSE Linux Enterprise Desktop 10 SP3
                                SUSE Linux Enterprise Server 10 SP2
                                SUSE Linux Enterprise Server 10 SP3
                                SUSE Linux Enterprise Software Development Kit 11
                                SUSE Linux Enterprise Desktop 11
                                SUSE Linux Enterprise Server 11
        Vulnerability Type:     remote code execution
        CVSS v2 Base Score:     10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
        SUSE Default Package:   yes
        Cross-References:       CVE-2009-3555, CVE-2010-0173, CVE-2010-0174
                                CVE-2010-0175, CVE-2010-0176, CVE-2010-0177
                                CVE-2010-0178, CVE-2010-0179, CVE-2010-0181
                                CVE-2010-0182, MFSA 2010-16, MFSA 2010-17
                                MFSA 2010-18, MFSA 2010-19, MFSA 2010-20
                                MFSA 2010-21, MFSA 2010-22, MFSA 2010-23
                                MFSA 2010-24

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             Mozilla browsers and libraries security update
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The Mozilla Firefox browser was updated to version 3.5.9 fixing lots
   of bugs and security issues. On openSUSE 11.0 and 11.1 the browser
   was updated from the 3.0 branch to 3.5.9

   Also the Mozilla NSS libraries were updated to version 3.12.6 to fix
   the CVE-2009-3555 TLS renegotiation issue.

   Mozilla Thunderbird on openSUSE 11.2 was updated to 3.0.4 and Seamonkey
   2 was updated to 2.0.4.

   Following security issues were fixed:
   MFSA 2010-16: Mozilla developers identified and fixed several stability
   bugs in the browser engine used in Firefox and other Mozilla-based
   products. Some of these crashes showed evidence of memory corruption
   under certain circumstances, and we presume that with enough effort
   at least some of these could be exploited to run arbitrary code.
   References

   Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes
   in the browser engine that affected Firefox 3.5 and Firefox
   3.6. (CVE-2010-0173)

   Jesse Ruderman and Ehsan Akhgari reported crashes that affected all
   supported versions of the browser engine. (CVE-2010-0174)


   MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported
   via TippingPoint's Zero Day Initiative that a select event handler for
   XUL tree items could be called after the tree item was deleted. This
   results in the execution of previously freed memory which an attacker
   could use to crash a victim's browser and run arbitrary code on the
   victim's computer.


   MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported
   via TippingPoint's Zero Day Initiative an error in the way . In certain cases,
   the number of references to an

References

Severity

Related News

5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved