Solution
Please Install the Updated Packages.
Insight
The Mozilla suite received security and bugfix updates:
Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3. mozilla-nspr was updated to version 4.9.6.
mozilla-nspr was updated to version 4.9.6:
* aarch64 support
* added PL_SizeOfArenaPoolExcludingPool function
(bmo#807883)
* Auto detect android api version for x86 (bmo#782214) * Initialize Windows CRITICAL_SECTIONs without debug info and with nonzero spin count (bmo#812085) Previous update to version 4.9.5
* bmo#634793: define NSPR's exact-width integer types PRInt{N} and PRUint{N} types to match the <
stdint.h>
exact-width integer types int{N}_t and uint{N}_t.
* bmo#782815: passing 'int *' to parameter of type 'unsigned int *' in setsockopt().
* bmo#822932: Port bmo#802527 (NDK r8b support for x86) to NSPR.
* bmo#824742: NSPR shouldn't require librt on Android.
* bmo#831793: data race on lib->
refCount in
PR_UnloadLibrary.
mozilla-nss was updated to version 3.14.3:
* disable tests with expired certificates
* add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements
* No new major functionality is introduced in this release.
This release is a patch release to address CVE-2013-1620 (bmo#822365)
* "
certutil -a"
was not correctly producing ASCII output as
requested. (bmo#840714)
* NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove
system-sqlite.patch
* add arm aarch64 support
* added system-sqlite.patch (bmo#837799)
* do not depend on latest sqlite just for a #define * enable system sqlite usage again
* update to 3.14.2
* required for Firefox >
= 20
* removed obsolete nssckbi update patch
* MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage
* disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash
Changes in MozillaFirefox:
- update to Firefox 20.0 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds
Affected
Mozilla Firefox and others on openSUSE 12.2, openSUSE 12.1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-0788, CVE-2013-0789, CVE-2013-0791, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800, CVE-2013-1620 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities