SuSE Update for MozillaFirefox,mozilla-xulrunner191 SUSE-SA:2010:030

Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites. CVE-2010-1197: Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. CVE-2010-1125: Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within another via an IFRAME. A malicious web page could use this behavior to steal keystrokes from a victim while they were typing sensitive information such as a password. CVE-2010-1199: Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. CVE-2010-1196: Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. CVE-2010-1198: Microsoft Vulnerability Research reported that tw ... Description truncated, for more information please check the Reference URL
Affected
MozillaFirefox,mozilla-xulrunner191 on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2
References